OT: firewall technology (was Re: [PLUG] Good link...)

Chris Jantzen chris at maybe.net
Tue Sep 14 14:53:02 PDT 2004


On Tue, Sep 14, 2004 at 01:54:44PM -0700, Charlie Schluting wrote:
> Rich Shepard wrote:
> >On Tue, 14 Sep 2004, Roderick A. Anderson wrote:
> >
> >>Is the BSD pf similar to ip ( filter|tables )?
> >
> 
> No, the syntax is actually logical and easy to understand.
> 
> pf/ipf are far superior, but if you want rate-limiting, you'll need to 
> add altq (for pf) or use ipfw (with dummynet) instead.

I'm sorry. I consider that flamebait. I find netfilter to be perfectly
easy to understand and extremely logical. I just read the pf FAQ on
openbsd.org and I see there are some plusses and minuses to its
syntax, but I'd never call it "far superior".

Now, perhaps you are confusing netfilter with iproute2 (which is
principally used for shaping), for which I will make no apologies.

-- 
chris kb7rnl =->
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.pdxlinux.org/pipermail/plug/attachments/20040914/33c03086/attachment.sig>


More information about the PLUG mailing list