On Wed, Nov 19, 2008 at 06:00:58PM +0200, Cem Kayali wrote:
>
> I've been using pf and pflogd enabled kernels and pf for about a year on
> both i386 and amd64 systems, and haven't seen any problem... though I have
> simple pf rules.
>
> Regards,
> Cem
>
>
>
> Dave B, 11/19/08 16:41:
>> I don't know the answer to why it's not enabled by default;
>> although I seem to recall reading on the lists that there were
>> problems, historically at least, with pf's interaction with other
>> subsystems--when statically compiled into the kernel. As an
>> lkm(4), however, pf works well.

[snip]

As I recall, when I upgraded my gw to 4.0, I put ipf and pf statically in
my custom kernel to facilitate a transition from one to the other. However,
it turns out ipnat would not work at all with pf in the kernel, forcing me
to switch at once. Using only pf works (you may not even have to ipf -D).
My memory is a little hazy on the details though. I suspect it's also true
for ipf firewalling rules.

Staffan

-- 
Staffan Thomen 1024D/7C7E2EF8
Sed quis custodiet ipsos Custodes?