Date: Sat, 26 Jul 2014 11:43:38 -0700 From: Cy Schubert <Cy.Schubert@komquats.com> To: Darren Reed <darrenr@fastmail.net> Cc: freebsd-current@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <201407261843.s6QIhcx4008597@slippy.cwsent.com> In-Reply-To: Message from Darren Reed <darrenr@fastmail.net> of "Sat, 26 Jul 2014 21:49:56 %2B1000." <53D395E4.1070006@fastmail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <53D395E4.1070006@fastmail.net>, Darren Reed writes: > On 24/07/2014 1:42 AM, Cy Schubert wrote: > >>> > >>> But, lack of ipv6 fragment processing still causes ongoing pain. That'= > >>> s our=20 > >>> #1 wish list item for the cluster. > > Taking this discussion slightly sideways but touching on this thread a > > little, each of our packet filters will need nat66 support too. Pf doesn't > > support it for sure. I've been told that ipfw may and I suspect ipfilter > > doesn't as it was on Darren's todo list from 2009. > > ipfiler 5 handles fragments for ipv6. Switching gears and leaving the discussion of ipv6 fragments to mention nat66. A lot of people have been talking about nat66. I could be wrong but I don't think it can handle nat66. I need to do some testing to verify this. I remember reading on sourceforge that it was on your todo list. It doesn't look like it was checked off as being completed. -- Cheers, Cy Schubert <Cy.Schubert@komquats.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407261843.s6QIhcx4008597>