DragonFly kernel List (threaded) for 2005-02
037632.9040502@xxxxxxx> <4203b709$0$718$415eb37d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <420499A1.5070801@xxxxxxx> <420e4e39$0$715$415eb37d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <420F6729.9090901@xxxxxxx> <86psz4dxbq.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
X-Trace: 1108334598 crater_reader.dragonflybsd.org 717 220.127.116.11
Xref: crater_reader.dragonflybsd.org dragonfly.kernel:7699
Eric Masson wrote:
> - AltQ is used by Free/Net/Open/DFly
> - PF is used by Free/Net/Open/DFly and KAME project uses it as a packet
> classifier for AltQ and ipsec engine.
> - Integrated PF/AltQ has a *really* clear and concise setup file.
> - *Useful* docs are available easily.
> - PF is the only packet filter that has been locked easily for smpng in
> FreeBSD-5 and later, thanks to a clean codebase. So it should be easy
> for DFly developpers to achieve the same goal.
> - Many developpers are working on it and are quite responsive to bug
> reports or feature requests.
> Check these assertions for ipfw/ipfilter. Enough ?
> Éric Masson
The thing that people often forget about ipfilter is that it is one of
the only cross platform firewalls around. It runs on all the BSDs +
Solaris, Linux (I think now), + most other unixs. This is important to
some people. It is just a shame that development is slow; it does still
happen but is just very slow.
Note that the pf rule syntax is also quite similar to ipfilter but IMHO
much improved. I am in the progress of moving my ipfilter firewall to pf
but only because I want ALTQ.