 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  mathias dot buren at gmail dot com
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ip/ipf
 Date:  Wed, 14 Sep 2005 19:36:33 -0400
On 9/14/05, Mathias Burén <mathias dot buren at gmail dot com> wrote:
> Hi there!
> I was just wondering, uhm, m0n0wall currently (1.2b10) uses pf
> (packetfilter), right? There's also ipf (IP Filter) in *BSD... I was
> wondering why m0n0wall doesn't use ipf instead of pf! I don't know
> why/if it should, just a question. Would it take much to rewrite
> m0n0wall for ipf? Well, I guess it would if it used a different
> syntax... Maybe a wrapper could be written for it (like a script.sh
> file which took inputs and made ipf commands out of the inputs).
> Would 'we' benefit from having ipf in m0n0wall instead of pf?

It already is ipf, and always has been.  Honestly, pf is a much
superior packet filter in most every way, so if the above was true I'd
ask "why bother"?  :)  Can't say that I have any experience with ipf
4.x, though I hear it's buggier than 3.x and 3.x has enough quirks
already (4.x adds many of the important features pf has that ipf 3.x
is lacking).

After 1.2 is released, Manuel is going to start a discussion here on
the OS and packet filter for the next m0n0wall version.