[ previous ] [ next ] [ threads ]
 
 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] ip/ipf
 Date:  Thu, 15 Sep 2005 04:07:01 +0200 
PF run since more than 8 months on a dual GigE machine with an average 
load of 180Mbps without a hick.

PF on m0n0wall would be (personally) really appreciated.
I think about pfsync and the carp integration to provide 
stateful-failover between two firewalls.
The load-balancing features are not bad too.

I guess this would raise m0n0wall from the SOHO firewall to the top 
league...

Daniele

edward mzj wrote:
> ipf v3.4.35 is the stablest one.
> 
> it is said pf will crash under very heavy load
> 
> 2005/9/15, Chris Buechler <cbuechler at gmail dot com>:
> 
>>On 9/14/05, Mathias Burén <mathias dot buren at gmail dot com> wrote:
>>
>>>Hi there!
>>>
>>>I was just wondering, uhm, m0n0wall currently (1.2b10) uses pf
>>>(packetfilter), right? There's also ipf (IP Filter) in *BSD... I was
>>>wondering why m0n0wall doesn't use ipf instead of pf! I don't know
>>>why/if it should, just a question. Would it take much to rewrite
>>>m0n0wall for ipf? Well, I guess it would if it used a different
>>>syntax... Maybe a wrapper could be written for it (like a script.sh
>>>file which took inputs and made ipf commands out of the inputs).
>>>Would 'we' benefit from having ipf in m0n0wall instead of pf?
>>>
>>
>>It already is ipf, and always has been.  Honestly, pf is a much
>>superior packet filter in most every way, so if the above was true I'd
>>ask "why bother"?  :)  Can't say that I have any experience with ipf
>>4.x, though I hear it's buggier than 3.x and 3.x has enough quirks
>>already (4.x adds many of the important features pf has that ipf 3.x
>>is lacking).
>>
>>After 1.2 is released, Manuel is going to start a discussion here on
>>the OS and packet filter for the next m0n0wall version.
>>
>>-Chris
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 



	best regards

------------------------------------------------------------------
Daniele Guazzoni
Senior Network Engineer, CCNA, CCNP

Ackersteinstrasse 203
CH-8049 Zurich
------------------------------------------------------------------
"Destiny is not a matter of chance, it is a matter of choice;
it is not a thing to be waited for, it is a thing to be achieved."
					William Jennings Bryan