Re: pf OR ipf ?

From: Crist J. Clark (cjc@FreeBSD.ORG)
Date: 03/28/02


Date: Thu, 28 Mar 2002 12:12:00 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Attila Nagy <bra@fsn.hu>

On Thu, Mar 28, 2002 at 01:20:40PM +0100, Attila Nagy wrote:
> Hello,
>
> > pf currently runs only on OpenBSD. Jordan Hubbard has expressed
> > annoyance with the fact that there are now three filters (ipfw, ipf and
> > pf) so it seems unlikely that FreeBSD is going to port it.
> I'm sad to hear that. I think diversity is a good thing. With FreeBSD if
> you are paranoid you can set up your firewall rules in two packet filters,
> which have different codebases. So if one fails, it is unlikely that the
> other will too.
> I think it is good to have more than one packet filter in the kernel :)
>
> With PF some more features could be also ported, like the bridge support.
> And that would be a good thing also.

There is nothing special about PF that makes bridge support
easier. After all, there is mature bridging support for IPFilter in
OpenBSD. I also recently committed a hack for IPFilter bridging
support in -CURRENT. I'll put the -STABLE patches on the website
listed in the headers and .sig today if anyone wants 'em.

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org