any interest in importing pf?

Max Laier max at love2party.net
Sun Nov 9 08:33:12 PST 2003


"Hiten Pandya" <hmp at xxxxxxxxxxxxx> wrote in message
news:3FAAC9F6.20502 at xxxxxxxxxxxxxxxx
> Jeremy Messenger wrote:
>
> > My thought of that... Anyone shouldn't replace or remove neither, but
> > just add PF to have one more choice of firewall. :-) Unless, IPF and
> > PF can't play together nice, then it explains.
>
> Donno about this, but we will surely need to update the
> PFIL_HOOKS code in order to bring in OpenBSD's Packet Filter.

Not necessarily, but PFIL_HOOKS is a generalized API to hook off mbufs in
any place. It's good to have them IMO. If you go all the way and convert
ipfw, ipf and maybe netgraph to use PFIL_HOOKS the netcode gets much
cleaner. However, I don't know if the concept matches your netisr well (I
need some time to read).

> > If add PF, then it means one of you will have to bring ALTQ in too? CARP
> > will be interesting to play with too, btw.
>
> We don't have to bring in ALTQ, but it would be good to have it
> IMHO.  As far as CARP is concerned, I wonder if FreeVRRP by the
> KAME project is better than it or not, is still yet to be
> researched.

The OpenBSD guys tell me that CARP will be part of KAME as well. AFAIK
there are patent issues with VRRP?!
Plus, CARP has IPv6 and load balancing, which make it superior to VRRP, imo.

----
Max






