PF concerns again

Gergo Szakal bastyaelvtars at gmail.com
Wed Aug 16 04:25:40 PDT 2006


I would like to use DragonflyBSD as a filtering bridge. Bridging works 
all right, so does PF - except for active FTP. I know I could use 
ftp-proxy (from within inetd), but ftp-proxy is not an elegant solution, 
and rdr rules are ignored on bridges as far as I know. The solution 
would be ftpsesame ( http://www.sentia.org/projects/ftpsesame/ ), which 
is in pkgsrc-wip, but that does not compile, and on the pkgsrc-review 
list my mails regarding this are (almost) repetitively ignored. Anyway, 
this is not a place to complain.

My concerns:

1) The update process to OpenBSD 3.9's PF has started (according to 
Simon). Will this also invoke adding the revamped ftp-proxy to the base 
system?
2) How about adding ftpsesame to the base system? It is BSD-licensed, 
and compiles in a few secs. If so, it should also have a rc script, and 
in rc.conf it could have variables like: ftpsesame="YES" 
ftpsesame_options="-i ed0" (this is also relevant if it just gets fixed 
in pkgsrc).

Thanks for the answers, and sorry for bothering again, but I think these 
subject are important from the usability point of view.





More information about the Users mailing list