PF/ALTQ

Max Laier max at love2party.net
Sat May 8 04:00:19 PDT 2004 

On Saturday 08 May 2004 03:43, Matthew Dillon wrote:
> :Does anyone here have any plans to import PF and ALTQ into FreeBSD? It's
> : now in FreeBSD 5.x base, so it shouldnt be too hard to import?
> :
> :Max Laier made a test import and it worked out pretty well, but it looks
> :like he's too buys at these times to import it for us. I also know that
> : Matt don't want things like security prioritized at this stage, but it
> : still would be nice to have the features. Alot of people are using
> : OpenBSD on their gateways/firewalls just because of PF/ALTQ.

Yes. That is the case indeed. I could hack together a new test import, but I 
do not believe that this would serve the project well. With the ongoing work 
in your netstack, it'd be much more reasonable to implement a quite different 
firewall. Anyhow, it sure is possible to modify pf to work *well* in 
DragonFly environment. As Erik said, I am just a bit busy ... if you need 
pointers, though, feel free to ask (that's the main reason why I did not ask 
to remove me from the "team" list, but a note that I am not actively working 
on it might be sensable?!).

> :And some of us tries to run DragonFly on all boxes they can, just to help
> :out with bug reporting :)
> :
> :Erik
>
>     Well, more like it's not a priority for *me*, yet.  There's still a lot
>     of basic infrastructure that needs to get done before I can turn my
>     attention to higher level things.  This certainly does not prevent
> others from working on the issue, though.
>
>     If it can be done as a module, and does not interfere with Jeff's work,
>     it can go into the system at any time.  Otherwise I would suggest
> waiting a few more weeks to let Jeff get farther along with the network
> stack before we start ripping up the kernel again with PF/ALTQ.

Pf will work as a module, provided you do something about interface address 
changes and interface arrival/leave events. ALTQ will not, but as far as I am 
familiar with Jeff's work, it will not interfere. I suggest that you import 
only disciplines that support pf_altq mode which is even less disruptive.

Questions welcome, just allow me some time to answer them.

-- 
Best regards,				| mlaier at xxxxxxxxxxx
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet
Attachment:
pgp00003.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00003.pgp
Type: application/octet-stream
Size: 187 bytes
Desc: "Description: signature"
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20040508/0a5049ce/attachment-0014.obj>

More information about the Kernel mailing list