ipfilter(4) needs maintainer
Joe Holden
lists at rewt.org.uk
Sun Apr 14 18:55:50 UTC 2013
wishmaster wrote:
> --- Original message ---
> From: "Gary Palmer" <gpalmer at freebsd.org>
> Date: 14 April 2013, 19:06:59
>
>
>> On Sun, Apr 14, 2013 at 09:48:33AM -0600, Warren Block wrote:
>>> Is it possible to move ipfilter into a port?
>> That may work short term, but the ENOMAINTAINER problem will quickly creep
>> up again as kernel APIs change. If the author has lost interest in
>> maintaining the FreeBSD port of ipfilter then unless someone steps forward
>> to carry on the work, I don't see much of a future for ipfilter in
>> FreeBSD
>>
>> Do we honestly need three packet filters?
>
> Yes! This is the most clever thought in this thread. Why we need 3 firewalls? Two packet filters it's excess too.
> We have two packet filters: one with excellent syntax and functionality but with outdated bandwidth control mechanism (aka ALTQ); another - with nice traffic shaper/prioritization (dummynet)/classification (diffused) but with complicated implementation in not trivial tasks.
> May be the next step will be discussion about one packet filter in the system?..
>
> Cheers,
For non-nat ipfw is still superior in every way, numbered rules (think:
scripts), dummynet, much faster than pf, syntax is a lot nicer and
predictable...
Does anyone even use ipf? it doesn't even work on Linux anymore, junk it
and keep pf+ipfw, job done.
More information about the freebsd-current
mailing list