Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 31 Jul 2014 08:42:04 -0400
From:      Jerry <jerry@seibercom.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID:  <20140731084204.70f54672@scorpio>
In-Reply-To: <53DA304E.6020105@herveybayaustralia.com.au>
References:  <53C706C9.6090506@com.jkkn.dk> <6326AB9D-C19A-434B-9681-380486C037E2@lastsummer.de> <53CB4736.90809@bluerosetech.com> <201407200939020335.0017641F@smtp.24cl.home> <788274E2-7D66-45D9-89F6-81E8C2615D14@lastsummer.de> <201407201230590265.00B479C4@smtp.24cl.home> <20140729103512.GC89995@FreeBSD.org> <53DA304E.6020105@herveybayaustralia.com.au>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
--Sig_/vWUJ9q_pKmFllUy+DadfN_D
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Thu, 31 Jul 2014 22:02:22 +1000, Da Rock stated:

>Without diminishing your efforts so far, what do you think about=20
>pitching all efforts into IPFW to combine effort and reduce overhead of=20
>maintaining separate firewalls in the core? Is there an advantage to=20
>having our own pf?

The advantage is obvious -- you would have total control over the code. The
disadvantage is that there is no one else to blame if it goes south.

I use IPFW exclusively. I am by no means an expert, but I have figured out
how to get it working without having to read reams of documentation. There
are several examples that can be used and boilerplate's to be found on the
FreeBSD site. I believe that those examples could be updated and perhaps a
few others added, but it is certainly a good start.

I have always believed that if you are not going to do something right, then
don't do it at all. Continuing to maintain an application that is not fully
functional, and lets face it, "state of the art", is just an example of
futility.

There are always going to be those 10% of users who are going to bitch and
moan like a group of whiny high school girls. Forget them. They will
eventually get on board. Hell, there are morons who would consider this a
l=C3=A8se majest=C3=A9, as they no doubt did when cities changed from gas l=
ights to
electric one.

The inability or unwillingness to evolve and change leads to extinction.

--=20
Jerry

--Sig_/vWUJ9q_pKmFllUy+DadfN_D
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJT2jmlAAoJEElTsHIJnX8e+nEH/iYSePb2IXYlcgzjYNn/qrKh
VpLHJQtgUaiRu6WkzmY62BSuECBGdI2FPvCaj0JGHUyewiPVixli+1GgTfKkjxMe
p5mBE/1Bqq6Bvq6enxon4wtQB68f0KDHyiRVPS0eHKMruiaSMzYYMZAlPPBGVFnq
LASpH+BgVrwCHONiif5r+Lz0CJBnz8FYwLsOgR9azxfh3B4keKAzY+7Rhpn6rksL
1y2dxC0pELwKdxEOKFiXnNL7GhS29bdiRPUdoLAYSrg5gIyKTui8gzxX8736j5H8
z8xpHIX/UPrwUBeoYyQddnaUajWugNtqKHYXtwNnriqL/1FnxYvsgRfkDPGIH0s=
=uJoW
-----END PGP SIGNATURE-----

--Sig_/vWUJ9q_pKmFllUy+DadfN_D--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20140731084204.70f54672>