Date: Thu, 28 Mar 2002 13:12:36 +0000
From: Dave Ryan <dave.ryan@eircom.net>
To: security@freebsd.org
Subject: Re: pf OR ipf ?
Message-ID: <20020328131236.GB30961@default.eircom.net>
In-Reply-To: <Pine.LNX.4.44.0203281308070.2202-100000@scribble.fsn.hu>
References: <20020328064640.GA74780@area51.dk> <Pine.LNX.4.44.0203281308070.2202-100000@scribble.fsn.hu>

Attila Nagy said the following on Thu, Mar 28, 2002 at 01:20:40PM +0100,
> > pf currently runs only on OpenBSD. Jordan Hubbard has expressed
> > annoyance with the fact that there are now three filters (ipfw, ipf and
> > pf) so it seems unlikely that FreeBSD is going to port it.
> I'm sad to hear that. I think diversity is a good thing. With FreeBSD if
> you are paranoid you can set up your firewall rules in two packet filters,
> which have a different codebase. So if one fails, it is unlikely that the
> other will too.
> I think it is good to have more than one packet filter in the kernel :)

Sure, it's always a good thing to add more code to your kernel. I would
focus on bringing assurance to the existing code as opposed to porting
in something else to perform the same function.

> With PF some more features could be also ported, like the bridge support.
> And that would be a good thing also.

I fail to see the relevance in discussing PF on a FreeBSD mailing list,
if you have suggestions sign on to tech or misc.

What is so wrong with ipfw that there needs to be another packet filter
brought under FreeBSD? I'm glad I have the option of pf on OpenBSD now,
but I can't see a good reason to import it for the sake of yet another
packet filter.

I personally choose ipfw when running FreeBSD and I am very very happy
with pf under OpenBSD.