On Tue, 26 Jun 2001, Jim Rosenberg wrote:
> Latest word from Theo and the crew is that OpenBSD will "have its own"
> solution to replace IPFilter -- presumably as of 2.10, or sufficiently
> late 2.9-current.
one has been imported and a coding frenzy is going on. pf, a reasonably
mature project, was chosen:
http://www.benzedrine.cx/pf.html
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c
(right now its been less than half an hour since a commit was made.)
> They are coding away. Based on OpenSSH, I think everyone in the
> OpenBSD world has expectations of a quality replacement for IPFilter.
yep. that was one of the explicit goals.
> I haven't heard yet whether they are committed to using the same
> interface for rule sets.
in fact pf is rule syntax compatable with ipf, though its not yet fully
featured as ipf is (ie no return-icmp, but it is stateful).
wan't sure this was common knowledge yet. its been ripping through the
tight OpenBSD community in the past 48 hours. :)
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
