Subject: Re: pf for NetBSD
To: Martin Husemann <martin@duskware.de>
From: Joel Wilsson <joelw@unix.se>
List: tech-kern
Date: 11/07/2002 17:47:05
On Thu, Nov 07, 2002 at 05:28:30PM +0100, Martin Husemann wrote:
> On Thu, Nov 07, 2002 at 05:18:38PM +0100, Joel Wilsson wrote:
> 
> > You're missing the point. I wanted to learn more about the kernel, and this
> > was a great little project to do so.
> 
> That's OK, and no one is going to blame you for that. It's just that most
> people here probably don't know details about pf - we all run ipf ;-}
> 
> > Of course, but that wouldn't give exactly the same features as pf, and no
> 
> And here is a point where you could help all people to learn: now that you
> did the pf port, you probably have a good idea how it compares to ipf and
> what features one has that the other doesn't. Could you summarize that?
> 
> Martin

Heh, not really. I do have a good idea about how an IP packet goes through
the kernel, how timeouts, fragmentation, and a few other things work, which I
didn't know before.

However, I didn't need to touch any code that decides whether or not a packet
should be dropped, and since I don't know much about ipf, I don't want
to attempt to compare them to each other.

I simply wouldn't be able to do a fair comparison. Someone who has a lot of
experience with both ipf and pf should do that, and I'm sad to say I do not.