Brandon Mitchell wrote:
> On the "nativity" side of things, pf *is* native in FreeBSD and is
> present in base, as you know. It was simply developed by the OpenBSD
> crew (ala OpenSSL and OpenSSH). If it ran on Linux or another UNIX
> derivative, *then* it would need to be ported to the vastly different
> internals of the new system. Between *BSDs, though, they share so much
> architecturally, calling it a "port" is a bit of a misnomer.

True. I meant "native" more in the anthropological sense of where it
originated, rather than the executable/platform sense.

> Most *BSD users prefer pf for the syntactical legibility that other
> firewall packages (read: ipfw) lack, and the featureset that is
> competitive with most any commercial firewall on the market. I could
> not live without its integration with spamd (also OBSD developed)
> to tarpit spammers based on procmail/SA filters on my mail servers.

On the subject of legibility, this was always a hurdle for me with
iptables. I could manipulate the switches and arguments and such enough
to use the features I wanted, but was always unhappy with this interface
and haven't used it for a packet filter for several years now. Has
anyone found any better way to deal with this?

Tim

_______________________________________________
RLUG mailing list
[email protected]
http://lists.rlug.org/mailman/listinfo/rlug
