Re: kern/50809: pf panics while purging state

[Brad Spencer <brad%anduin.eldar.org@localhost>]

   christos%zoulas.com@localhost (Christos Zoulas) wrote:
   > 
   > If we are not going to maintain them or spend cycles try to fix the
   > bugs people report, we should get people to use npf which we actively
   > maintain. For that we need to get npf to have feature parity with the
   > other packet filters. Hauke can you try switching in this case?
   > 

   I have not had enough time recently to work on the feature parity
   recently, but I am more than happy to spread the knowledge on the
   NPF internals and help with the work.  I also have some unfinished
   patches which add features; they need some mechanical completion
   and just testing really.

   -- 
   Mindaugas



I probably use IPF in a somewhat unusual manor, but the only reason I
don't use NPF is the seemly lack of BRIDGE_IPF.  I have placed an IPF
filter in between me and the Internet with another system lower down doing
NAT, and internal routing and more firewalling.  I actually have a small
set of fully routable IPs that live on systems and would rather not do NAT
on the edge if I can help it, nor would I like to maintain firewall sets
on these systems for those things I would like to prevent from leaving or
prevent from entering the edge network.



-- 
Brad Spencer - brad%anduin.eldar.org@localhost - KC8VKS
http://anduin.eldar.org  - & -  http://anduin.ipv6.eldar.org [IPv6 only]