Time to let go of ipfilter

Edward O'Callaghan eocallaghan at auroraux.org
Sat Jan 22 01:09:47 PST 2011


I agree, however I have no doubt it will be added soon since this is
also a limitation for NetBSD usage of NPF as well.. more my point, +1
to EOL'ing older solutions that are no longer maintained or scalable.
One of the things that I myself consider a 'feature' of Dragonfly is
less old junk running in kernel space (both important on a security
and stability stand point) and a less bulky userland.

On 22 January 2011 19:23, Francois Tigeot <ftigeot at wolfpond.org> wrote:
> On Sat, Jan 22, 2011 at 06:43:19PM +1100, Edward O'Callaghan wrote:
>> From what I have seen of NPF and how it is more in-line with some of
>> DF's MP goals and is very neatly written for MP, I would say it would
>> make a worthy PF successor.
>
> I agree NPF seems very promising; howewer it has no support for IPv6
> yet.
> This is a really big show-stopper: we're only weeks (days ?) from
> depletion of the central IPv4 pool, and after that APNIC and RIPE pools
> will almost certainly not last until the end of the year.
>
> Without IPv6 support, NPF would be almost useless.
>
> --
> Francois Tigeot
>



-- 
--
Edward O'Callaghan
http://www.auroraux.org/
eocallaghan at auroraux dot org
---
()  ascii ribbon campaign - against html e-mail
/\                        - against microsoft attachments






More information about the Kernel mailing list