Subject: Re: ipf and pflkm
To: Rui Paulo <rpaulo@NetBSD.org>
From: Reinoud Koornstra <mipam@ux11.ltcm.net>
List: tech-net
Date: 09/17/2005 17:48:43
On Sat, 17 Sep 2005, Rui Paulo wrote:

> On 2005.09.17 13:42:06 +0000, Matthias Scheler wrote:
> | In article <20050917063721.GA7627@sunny>,
> | 	Water NB <netbsd78@126.com> writes:
> | > NetBSD has ipf
> | 
> | NetBSD 3.0_BETA and newer also include PF. You comment out
> | "pseudo-device ipfilter" and enable "pseudo-device pf".
> | 
> | > Which is better and more powerful?
> | 
> | PF:
> | - stable IPv6 support
> | - much more powerful configuration language
> | - support for proxy applications in userland
> | - traffic normalization
> | etc.
> 
> FYI, you can't do ALTQ + PF on NetBSD 3.0_BETA.
> 
I though it's also impossible to do ALTQ + IPF at the moment?
Speaking for IPF, i like this feature very much:

- destination and source address matching for map/rdr rules

I haven't seen this in PF, maybe i am very wrong in this, if so please 
correct me.
Bye,

Mipam.