tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Is IPF maintained? (was: Removing PF)
On Mon, Apr 01, 2019 at 11:35:00AM +0200, Edgar Fuß wrote:
> > What makes you think there are not maintainers of ipf?
> > Because there's not been any commits for some time?
> Because anyone close to a maintainer would have pulled up kern/52469 to -7.
That would be more the commiter's job. But if someone can test a patch,
I can look at it.
> Because anyone close to a maintainer would have answered kern/52471.
Really, there is little information in this PR. I guess nobody tried to guess
what the author means (I certainly wont).
>
> > Actually I'm not aware of show-stopper bugs in ipf, and I run several servers
> > (netbsd-8) facing internet, with ipv6 and quite a bit of traffic.
> So, with -8, you at least have the fix to kern/52469.
>
> I don't know about the version in -8, but (from memory)
> -- ipftest doesn't correctly reflect the real behaviour
I didn't play much with ipftest. But in any case this doesn't prevent
using ipf
> -- rule numbers in ipfstat sometimes don't match
that's an annoyance, but it doens't prevent using it
> -- keep state doesn't work with ICMP6
I avoid keep-state as much as possible, and actually use it only for UDP.
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 ans d'experience feront toujours la difference
--
Home |
Main Index |
Thread Index |
Old Index