On Thu, 09 Jan 2003, Srebrenko Sehic wrote:
> > 4) I've never used authpf, but I wonder why authpf does not
> > call the pfctl binary, to have the benefit of code reuse without
> > that tricky sharing of files. Combining binaries is usually the
> > Unix way, I believe.
>
> pfctl does not support inserting rules on the fly and authpf needs that.
> On the other hand, the overhead of having that would be too big.
>
I run an ISP that is almost totally OpenBSD. While i understand the
need for pfctl to be lightweight, it would be VERY nice to have a
utility to add or delete a temporary rule when an attack is on.
...Guess i should take a look at the authpf and pfctl code....
Marina Brown
> // haver
--
==========================================================================
"Speculators may do no harm as bubbles on a steady stream of enterprise.
But the position is serious when the enterprise becomes the bubble on a
whirlpool of speculation. When the capital development of a country
becomes a by-product of the activities of a casino, the job is likely
to be ill-done".
John Maynard Keynes.
"The General Theory of Employment, Interest and Money". 1936
===========================================================================
