setjmp/lonjmp

Devon H. O'Dell dodell at sitetronics.com
Sun Feb 13 23:08:23 PST 2005


On Sun, 2005-02-13 at 22:43 +0000, Cameron Murdoch wrote:
> Eric Masson wrote:
> > 
> > - AltQ is used by Free/Net/Open/DFly
> > - PF is used by Free/Net/Open/DFly and KAME project uses it as a packet
> >   classifier for AltQ and ipsec engine. 
> > - Integrated PF/AltQ has a *really* clear and concise setup file.
> > - *Useful* docs are available easily.
> > - PF is the only packet filter that has been locked easily for smpng in
> >   FreeBSD-5 and later, thanks to a clean codebase. So it should be easy
> >   for DFly developpers to achieve the same goal.
> > - Many developpers are working on it and are quite responsive to bug
> >   reports or feature requests.
> > 
> > Check these assertions for ipfw/ipfilter. Enough ?
> > 
> > Éric Masson
> > 
> 
> The thing that people often forget about ipfilter is that it is one of 
> the only cross platform firewalls around. It runs on all the BSDs + 
> Solaris, Linux (I think now), + most other unixs. This is important to 
> some people. It is just a shame that development is slow; it does still 
> happen but is just very slow.

I think it's a shame that all that cross-platform code is hidden in
endless rivers of unreadable preprocessor conditionals. Though it will
run on most systems, the code is not very maintainable from a practical
standpoint. In my opinion.

> Note that the pf rule syntax is also quite similar to ipfilter but IMHO 
> much improved. I am in the progress of moving my ipfilter firewall to pf 
> but only because I want ALTQ.
> 
> Cheers,
> 
> Cam








More information about the Kernel mailing list