wishmaster wrote:
--- Original message ---
From: "Gary Palmer" <gpal...@freebsd.org>
Date: 14 April 2013, 19:06:59
On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
Is it possible to move ipfilter into a port?
That may work short term, but the ENOMAINTAINER problem will quickly creep
up again as kernel APIs change. If the author has lost interest in
maintaining the FreeBSD port of ipfilter then unless someone steps forward
to carry on the work, I don't see much of a future for ipfilter in
FreeBSD
Do we honestly need three packet filters?
Yes! This is the most clever thought in this thread. Why we need 3 firewalls? Two packet filters it's excess too.
We have two packet filters: one with excellent syntax and functionality
but with outdated bandwidth control mechanism (aka ALTQ); another - with nice
traffic shaper/prioritization (dummynet)/classification (diffused) but with
complicated implementation in not trivial tasks.
May be the next step will be discussion about one packet filter in the
system?..
Cheers,
For non-nat ipfw is still superior in every way, numbered rules (think:
scripts), dummynet, much faster than pf, syntax is a lot nicer and
predictable...
Does anyone even use ipf? it doesn't even work on Linux anymore, junk it
and keep pf+ipfw, job done.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
