On Thu, 09 Jan 2003, Srebrenko Sehic wrote:

> > 4) I've never used authpf, but I wonder why authpf does not
> > call the pfctl binary, to have the benefit of code reuse without
> > that tricky sharing of files. Combining binaries is usually the
> > Unix way, I believe.
>
> pfctl does not support inserting rules on the fly and authpf needs that.
> On the other hand, the overhead of having that would be too big.
>
I run an ISP that is almost totally OpenBSD. While I understand the need
for pfctl to be lightweight, it would be VERY nice to have a utility to
add or delete a temporary rule when an attack is on.

...Guess I should take a look at the authpf and pfctl code....

Marina Brown

> // haver

--
==========================================================================
"Speculators may do no harm as bubbles on a steady stream of enterprise.
But the position is serious when the enterprise becomes the bubble on a
whirlpool of speculation. When the capital development of a country
becomes a by-product of the activities of a casino, the job is likely to
be ill-done".

John Maynard Keynes. "The General Theory of Employment, Interest and
Money". 1936
===========================================================================