Old Synopsis: Bridge firewall with trunk ports and vlans
New Synopsis: [bridge] Problem with bridge firewall with trunk ports and vlans
Responsible-Changed-From-To: freebsd-i386->freebsd-net
Responsible-Changed-By: linimon
Responsible-Changed-When: Mon Apr 15 01:49:58 UTC 2013
Responsible-Changed-
On Apr 14, 2013, at 5:25 PM, Mark Martinec wrote:
> ... and as far as I can tell none of them is currently usable
> on an IPv6-only FreeBSD (like protecting a host with sshguard),
> none of them supports stateful NAT64, nor IPv6 prefix translation :(
pfSense 2.1 has a lot of work to make this h
On Sunday April 14 2013 19:30:22 wishmaster wrote:
> > Do we honestly need three packet filters?
> Yes! This is the most clever thought in this thread. Why we need 3
> firewalls? Two packet filters it's excess too. We have two packet filters:
> one with excellent syntax and functionality but with o
On 2013/04/14, at 12:11, Anton Shterenlikht wrote:
> A migration *guide*, yes. Tools to convert one syntax to another: no.
>
> ok, so what is the brief migraiton advice?
It's still being written.
> The Handbook mentions PF and IPFW.
> I gather from your mails that PF is the recommended c
I agree with this, we dont need 3 packet filters, it seems like we should
focus the people interested in working on packet filters,toward the packet
filter most actively maintained, the fact that there is 3 in base is
overkill, Just depreciate it and be done with it
a new email, asking for help
A migration *guide*, yes. Tools to convert one syntax to another: no.
ok, so what is the brief migraiton advice?
The Handbook mentions PF and IPFW.
I gather from your mails that PF is the recommended choice.
Is that so?
If I choose PF, can I just follow the
Handbook PF section, and once i
wishmaster wrote:
--- Original message ---
From: "Gary Palmer"
Date: 14 April 2013, 19:06:59
On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
Is it possible to move ipfilter into a port?
That may work short term, but the ENOMAINTAINER problem will quickly creep
up again as k
Odhiambo Washington writes:
> 2. PF is being felt to be part of FreeBSD, but it too lags far behind
> OpenBSD implementation - almost like it's unmaintained. There has been
> debates about this which were never concluded. Most of you will agree with
> me on this.
FreeBSD's version of pf is active
--- Original message ---
From: "Gary Palmer"
Date: 14 April 2013, 19:06:59
> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
> > Is it possible to move ipfilter into a port?
>
> That may work short term, but the ENOMAINTAINER problem will quickly creep
> up again as kernel API
Hi,
I will see what I can do when I come back from work. PF is based on
ipfilter so having 3 is indeed a bit much.
Chris
> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
>> Is it possible to move ipfilter into a port?
>
> That may work short term, but the ENOMAINTAINER problem wil
On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
> Is it possible to move ipfilter into a port?
That may work short term, but the ENOMAINTAINER problem will quickly creep
up again as kernel APIs change. If the author has lost interest in
maintaining the FreeBSD port of ipfilter then
On 14 April 2013 16:48, Warren Block wrote:
> On Sun, 14 Apr 2013, Chris Rees wrote:
>
>> On 14 April 2013 01:41, Rui Paulo wrote:
>>>
>>> 2013/04/13 16:01?Scott Long ??:
>>>
>>>
Maybe something else, but whatever it is, it should be done. If you and
Gleb don't want to do this, I
It's NOT possible, because someone has to handle the kernel hooks, which is
the contention.
Mark as deprecated, remove the HandBook section, but only for 10.x
On 14 April 2013 18:48, Warren Block wrote:
> On Sun, 14 Apr 2013, Chris Rees wrote:
>
> On 14 April 2013 01:41, Rui Paulo wrote:
>>
On Sun, 14 Apr 2013, Chris Rees wrote:
On 14 April 2013 01:41, Rui Paulo wrote:
2013/04/13 16:01?Scott Long ??:
Maybe something else, but whatever it is, it should be done. If you and Gleb
don't want to do this, I will.
I already started writing a guide. See here for a very incomple
I do not stand in any good stead to comment on this, but I have used
IPFilter more extensively than PF when it comes to FreeBSD and packet
manipulations. As a user, what I can say is this:
1. The only firewall that seems 'native' to FreeBSD is ipfw and I believe
it works very well for some users w
On Apr 14, 2013, at 7:20 AM, Joe wrote:
> Rui Paulo wrote:
>> On 2013/04/12, at 22:31, Scott Long wrote:
>>> On Apr 12, 2013, at 7:43 PM, Rui Paulo wrote:
>>>
On 2013/04/11, at 13:18, Gleb Smirnoff wrote:
> Lack of maintainer in a near future would lead to bitrot due to change
Rui Paulo wrote:
On 2013/04/12, at 22:31, Scott Long wrote:
On Apr 12, 2013, at 7:43 PM, Rui Paulo wrote:
On 2013/04/11, at 13:18, Gleb Smirnoff wrote:
Lack of maintainer in a near future would lead to bitrot due to changes
in other areas of network stack, kernel APIs, etc. This already
Hi.
On 12.04.2013 20:13, Olivier Cochard-Labbé wrote:
On Fri, Apr 12, 2013 at 1:54 PM, Gleb Smirnoff wrote:
On Fri, Apr 12, 2013 at 01:45:51PM +0200, Olivier Cochard-Labb? wrote:
O> PR closed too soon ?
It isn't closed, it is in patched state. This means that problem
is considered solve in th
Rui Paulo wrote:
> 2013/04/13 16:01、Scott Long のメッセージ:
>
>> Maybe something else, but whatever it is, it should be done. If you and
>> Gleb don't want to do this, I will.
>
> I already started writing a guide. See here for a very incomplete version:
>
> http://people.freebsd.org/~rpaulo/ipf-d
On 14 April 2013 01:41, Rui Paulo wrote:
> 2013/04/13 16:01、Scott Long のメッセージ:
>
>> Maybe something else, but whatever it is, it should be done. If you and
>> Gleb don't want to do this, I will.
>
> I already started writing a guide. See here for a very incomplete version:
>
> http://people.fre
20 matches
Mail list logo
