| From: | Brooks Davis <brooks@xxxxxxxxxxxxxxxxxx> |
| Date: | Thu, 6 Nov 2003 20:46:57 -0800 |
On Thu, Nov 06, 2003 at 11:18:56PM -0500, GeekGod wrote: > "Bernhard Valenti" <bernhard.valenti@xxxxxxx> wrote in message > news:<3FAAD0FE.5000909@xxxxxxx>... > > I'm using IPFilter but recently looked at PF, and seems like PF can do > > the same as IPFilter and more. So i would like to have PF even if its > > instead of IPFilter. Also, the rules are somewhat compatible... > > IPFW2 works wonders for me, personally. My only beef about the > current FreeBSD/DF IPFW/NATD situation is that the NATD binary is > separate from the kernel and is not really optimised AFAIKT. I've > always sat back and marveled at the fact that PF/IPFILTER and all > the other guys out there (IPCHAINS) has enjoyed NATD support built > into the kernel. My only request(well, maybe only 1) would be that a > project is formed to help move the current NATD userland binary into > kernel-land or another optimized framework. FYI, someone is working on a netgraph node to do NAT in FreeBSD. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
Attachment:
pgp00003.pgp
Description: PGP signature