 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ip/ipf
 Date:  Thu, 15 Sep 2005 11:35:24 -0300
PF is really a very good filter, but it lacks support for some protocols 
that break the OSI model in NATed environments, like ftp and H323. For 
this you must run user-level daemons like ftp-proxy, so I think this 
is one of the main reasons why Manuel keeps ipf and ipfw.


Jean

edward mzj wrote:
> sorry, but i mean pf on freebsd 5.x
> 
> 2005/9/15, Bryan K. Brayton <bryan at sonicburst dot net>:
> 
>>I run a constantly saturated 100Mbit line through a filtering bridge based on OpenBSD and PF...it hasn't failed once in over 2 years of constant uptime, so I wouldn't say it will crash under very heavy load.
>>
>>Just my $0.02
>>
>>-Bryan
>>
>>-----Original Message-----
>>From: edward mzj [mailto:edward dot mzj at gmail dot com]
>>Sent: Wednesday, September 14, 2005 9:14 PM
>>To: m0n0wall at lists dot m0n0 dot ch
>>Subject: Re: [m0n0wall] ip/ipf
>>
>>ipf v3.4.35 is the stablest one.
>>
>>it is said pf will crash under very heavy load
>>
>>2005/9/15, Chris Buechler <cbuechler at gmail dot com>:
>>

>>>
>>>>Hi there!
>>>>
>>>>I was just wondering, uhm, m0n0wall currently (1.2b10) uses pf
>>>>(packetfilter), right? There's also ipf (IP Filter) in *BSD... I was
>>>>wondering why m0n0wall doesn't use ipf instead of pf! I don't know
>>>>why/if it should, just a question. Would it take much to rewrite
>>>>m0n0wall for ipf? Well, I guess it would if it used a different
>>>>syntax... Maybe a wrapper could be written for it (like a script.sh
>>>>file which took inputs and made ipf commands out of the inputs).
>>>>Would 'we' benefit from having ipf in m0n0wall instead of pf?
>>>>
>>>
>>>It already is ipf, and always has been.  Honestly, pf is a much
>>>superior packet filter in most every way, so if the above was true I'd
>>>ask "why bother"?  :)  Can't say that I have any experience with ipf
>>>4.x, though I hear it's buggier than 3.x and 3.x has enough quirks
>>>already (4.x adds many of the important features pf has that ipf 3.x
>>>is lacking).
>>>
>>>After 1.2 is released, Manuel is going to start a discussion here on
>>>the OS and packet filter for the next m0n0wall version.
>>>
>>>-Chris
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>