PF/ALTQ
Max Laier
max at love2party.net
Sat May 8 04:00:19 PDT 2004
On Saturday 08 May 2004 03:43, Matthew Dillon wrote:
> :Does anyone here have any plans to import PF and ALTQ into FreeBSD? It's
> : now in FreeBSD 5.x base, so it shouldnt be too hard to import?
> :
> :Max Laier made a test import and it worked out pretty well, but it looks
> :like he's too buys at these times to import it for us. I also know that
> : Matt don't want things like security prioritized at this stage, but it
> : still would be nice to have the features. Alot of people are using
> : OpenBSD on their gateways/firewalls just because of PF/ALTQ.
Yes. That is the case indeed. I could hack together a new test import, but I
do not believe that this would serve the project well. With the ongoing work
in your netstack, it'd be much more reasonable to implement a quite different
firewall. Anyhow, it sure is possible to modify pf to work *well* in
DragonFly environment. As Erik said, I am just a bit busy ... if you need
pointers, though, feel free to ask (that's the main reason why I did not ask
to remove me from the "team" list, but a note that I am not actively working
on it might be sensable?!).
> :And some of us tries to run DragonFly on all boxes they can, just to help
> :out with bug reporting :)
> :
> :Erik
>
> Well, more like it's not a priority for *me*, yet. There's still a lot
> of basic infrastructure that needs to get done before I can turn my
> attention to higher level things. This certainly does not prevent
> others from working on the issue, though.
>
> If it can be done as a module, and does not interfere with Jeff's work,
> it can go into the system at any time. Otherwise I would suggest
> waiting a few more weeks to let Jeff get farther along with the network
> stack before we start ripping up the kernel again with PF/ALTQ.
Pf will work as a module, provided you do something about interface address
changes and interface arrival/leave events. ALTQ will not, but as far as I am
familiar with Jeff's work, it will not interfere. I suggest that you import
only disciplines that support pf_altq mode which is even less disruptive.
Questions welcome, just allow me some time to answer them.
--
Best regards, | mlaier at xxxxxxxxxxx
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier at EFnet
Attachment:
pgp00003.pgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pgp00003.pgp
Type: application/octet-stream
Size: 187 bytes
Desc: "Description: signature"
URL: <http://lists.dragonflybsd.org/pipermail/kernel/attachments/20040508/0a5049ce/attachment-0020.obj>
More information about the Kernel
mailing list