From: Pyun YongHyeon
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] Re: pf backport to freebsd 4.x?
Date: Thu, 16 Sep 2004 04:01:42 -0000
X-Original-Date: Mon, 23 Feb 2004 18:28:52 +0900
Message-ID: <20040223092852.GB1280@kt-is.co.kr>
In-Reply-To: <20040223095859.0a2de410.dpphln@tin.it>

On Mon, Feb 23, 2004 at 09:58:59AM +0000, DrumFire wrote:
> Hi all,
>
> first of all, I'd like to thank you for the great job that you
> have done to port pf on FreeBSD 5.x.
>
> It's possible to port pf on FreeBSD 4.x also?
>

Yes. But there is already pf on FreeBSD 4.x in the KAME tree.
You can try it when you need pf on FreeBSD 4.x.

> When I propose to some people to try pf as packet filter, they
> answer me that can't, because they use a 4.x stable branch as
> firewall instead of a 5.x branch.
> So if you can port pf on a 4.x branch, I think that more people
> will try pf :)
>

The main reasons I did not port pf to the FreeBSD 4.x branch were:
1. I don't use 4.x at all
2. there are many kernel differences between 4.x and 5.x
3. it needs a kernel patch for 4.x, which discourages users from adopting pf
4. lack of time (I have a full-time job)

Now Max Laier has a commit bit and he already committed a fix to use
pf without setting "net.inet.ip.forwarding=1" in rdr rule. This
will fix the issue requiring forwards for rdrs in local system.
(e.g. rdr ... -> 127.0.0.1 port 25)
He will try to bring pf into tree. Maybe upcoming 5.3R will be the
first stable release on 5.x road map. When it happens more users
move to 5.x and we will get more pf users. (IMO)

>

Thanks.

Regards,
Pyun YongHyeon
-- 
Pyun YongHyeon