any interest in importing pf?

GeekGod geekgod at geekgod.com
Thu Nov 6 20:18:56 PST 2003


"Bernhard Valenti" <bernhard.valenti at xxxxxxx> wrote in message
news:<3FAAD0FE.5000909 at xxxxxxx>...
> I'm using IPFilter but recently looked at PF, and it seems like PF can do
> the same as IPFilter and more. So I would like to have PF even if it's
> instead of IPFilter. Also, the rules are somewhat compatible...

IPFW2 works wonders for me, personally. My only beef about the current
FreeBSD/DF IPFW/NATD situation is that the NATD binary is separate from the
kernel and is not really optimised AFAIKT. I've always sat back and marveled
at the fact that PF/IPFILTER and all the other guys out there (IPCHAINS) have
enjoyed NATD support built into the kernel. My only request (well, maybe only
1) would be that a project is formed to help move the current NATD userland
binary into kernel-land or another optimized framework.

I would even be interested in helping provide code to this project if we can
get clear direction from Matt or others of the best way to accomplish this
task within the current/future DragonFly framework. I understand that this
binary may also reside in userland as it is currently written but would also
be interested in ways of optimizing the code to stay in userland and utilize
the new DF framework.

Other nice wish list items would be to have IPFW2 stateful backup for
FreeVRRP type failover situations as IPFILTER already has (and I'm sure PF
would have adopted this also at the rate they are going).

Thanks,
GG






