Date:      Thu, 28 Mar 2002 14:52:24 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Attila Nagy <bra@fsn.hu>
Cc:        Alex Holst <a@area51.dk>, <security@freebsd.org>
Subject:   Re: pf OR ipf ?
Message-ID:  <20020328144718.L24744-100000@patrocles.silby.com>
In-Reply-To: <Pine.LNX.4.44.0203281308070.2202-100000@scribble.fsn.hu>

On Thu, 28 Mar 2002, Attila Nagy wrote:

> Hello,
>
> > pf currently runs only on OpenBSD. Jordan Hubbard has expressed
> > annoyance with the fact that there are now three filters (ipfw, ipf and
> > pf) so it seems unlikely that FreeBSD is going to port it.
> I'm sad to hear that. I think diversity is a good thing. With FreeBSD if
> you are paranoid you can set up your firewall rules in two packet filters,
> which have different codebases. So if one fails, it is unlikely that the
> other will too.
> I think it is good to have more than one packet filter in the kernel :)
>
> With PF some more features could be also ported, like the bridge support.
> And that would be a good thing also.
>
> --------[ Free Software ISOs - ftp://ftp.fsn.hu/pub/CDROM-Images/ ]-------
> Attila Nagy					e-mail: Attila.Nagy@fsn.hu
> Free Software Network (FSN.HU)		  phone @work: +361 210 1415 (194)

The primary reason that pf (and iptables, and Microsoft's win32 layer)
have not been ported to FreeBSD is lack of developer time.  If you believe
that PF would be a good thing, go ahead and port it over.  If the code was
unobtrusive, I'm sure it would make it into the tree.

Mike "Silby" Silbersack

