DragonFly BSD
DragonFly kernel List (threaded) for 2003-11
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: any interest in importing pf?

From: Robert Watson <rwatson@xxxxxxxxxxx>
Date: Fri, 7 Nov 2003 00:54:03 -0500 (EST)

On Thu, 6 Nov 2003, Brooks Davis wrote:

> On Thu, Nov 06, 2003 at 11:18:56PM -0500, GeekGod wrote:
> > "Bernhard Valenti" <bernhard.valenti@xxxxxxx> wrote in message
> > news:<3FAAD0FE.5000909@xxxxxxx>...
> > > I'm using IPFilter but recently looked at PF, and seems like PF can do
> > > the same as IPFilter and more. So i would like to have PF even if its
> > > instead of IPFilter. Also, the rules are somewhat compatible...
> > 
> > IPFW2 works wonders for me, personally.  My only beef about the
> > current FreeBSD/DF IPFW/NATD situation is that the NATD binary is
> > separate from the kernel and is not really optimised AFAIKT.  I've
> > always sat back and marveled at the fact that PF/IPFILTER and all
> > the other guys out there (IPCHAINS) has enjoyed NATD support built
> > into the kernel.  My only request(well, maybe only 1) would be that a
> > project is formed to help move the current NATD userland binary into
> > kernel-land or another optimized framework.
> FYI, someone is working on a netgraph node to do NAT in FreeBSD. 

And the ipfilter code in the FreeBSD tree does NAT in-kernel, and the pf
port also has NAT support.  And I think someone is doing NAT for ipfw2 as
well.  So I guess there will be lots of choices, if nothing else...

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@xxxxxxxxxxxxxxxxx      Network Associates Laboratories

[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]