any interest in importing pf?
Robert Watson
rwatson at FreeBSD.org
Thu Nov 6 21:57:02 PST 2003
On Thu, 6 Nov 2003, Brooks Davis wrote:
> On Thu, Nov 06, 2003 at 11:18:56PM -0500, GeekGod wrote:
> > "Bernhard Valenti" <bernhard.valenti at xxxxxxx> wrote in message
> > news:<3FAAD0FE.5000909 at xxxxxxx>...
> > > I'm using IPFilter but recently looked at PF, and seems like PF can do
> > > the same as IPFilter and more. So I would like to have PF even if it's
> > > instead of IPFilter. Also, the rules are somewhat compatible...
> >
> > IPFW2 works wonders for me, personally. My only beef about the
> > current FreeBSD/DF IPFW/NATD situation is that the NATD binary is
> > separate from the kernel and is not really optimised AFAIKT. I've
> > always sat back and marveled at the fact that PF/IPFILTER and all
> > the other guys out there (IPCHAINS) have enjoyed NATD support built
> > into the kernel. My only request (well, maybe only 1) would be that a
> > project is formed to help move the current NATD userland binary into
> > kernel-land or another optimized framework.
>
> FYI, someone is working on a netgraph node to do NAT in FreeBSD.

And the ipfilter code in the FreeBSD tree does NAT in-kernel, and the pf
port also has NAT support. And I think someone is doing NAT for ipfw2 as
well. So I guess there will be lots of choices, if nothing else...

Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
robert at xxxxxxxxxxxxxxxxx Network Associates Laboratories