Re: Removing PF

To: tech-kern%netbsd.org@localhost
Subject: Re: Removing PF
From: mlh%goathill.org@localhost (MLH)
Date: Tue, 2 Apr 2019 14:46:19 -0400 (EDT)

I continue to use pf and not npf because :

1) I couldn't get std rulesets to seem to work (been a while though)
2) no port redirection
3) dynamic ruleset use didn't appear to be adequate
4) greylisting (not just email) for custom stuff that I can't see
   how to support in npf.
5) Needs far more documentation and help than I have seen.

I would like to move to npf as some future features look nice (SYN
floods, DoS attacks, etc). However, in addition to std rulesets,
etc, I use log followers to block attacks. While not the main
security, they really help hold down traffic, etc. and I'm not
anywhere near willing to give them up. I tried using blacklistd
but never could get it to work (also been a while).

Follow-Ups:
- Re: Removing PF
  - From: Maxime Villard

Prev by Date: Re: Removing PF
Next by Date: Re: Removing PF
Previous by Thread: Re: Removing PF
Next by Thread: Re: Removing PF
Indexes:

Home | Main Index | Thread Index | Old Index