DragonFly kernel List (threaded) for 2005-02
On Sun, 2005-02-13 at 22:43 +0000, Cameron Murdoch wrote:
> Eric Masson wrote:
> > - AltQ is used by Free/Net/Open/DFly
> > - PF is used by Free/Net/Open/DFly and KAME project uses it as a packet
> > classifier for AltQ and ipsec engine.
> > - Integrated PF/AltQ has a *really* clear and concise setup file.
> > - *Useful* docs are available easily.
> > - PF is the only packet filter that has been locked easily for smpng in
> > FreeBSD-5 and later, thanks to a clean codebase. So it should be easy
> > for DFly developpers to achieve the same goal.
> > - Many developpers are working on it and are quite responsive to bug
> > reports or feature requests.
> > Check these assertions for ipfw/ipfilter. Enough ?
> > Éric Masson
> The thing that people often forget about ipfilter is that it is one of
> the only cross platform firewalls around. It runs on all the BSDs +
> Solaris, Linux (I think now), + most other unixs. This is important to
> some people. It is just a shame that development is slow; it does still
> happen but is just very slow.
I think it's a shame that all that cross-platform code is hidden in
endless rivers of unreadable preprocessor conditionals. Though it will
run on most systems, the code is not very maintainable from a practical
standpoint. In my opinion.
> Note that the pf rule syntax is also quite similar to ipfilter but IMHO
> much improved. I am in the progress of moving my ipfilter firewall to pf
> but only because I want ALTQ.