Re: Is IPF maintained? (was: Removing PF)

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Mon, Apr 01, 2019 at 11:35:00AM +0200, Edgar Fuß wrote:
> > What makes you think there are not maintainers of ipf?
> > Because there's not been any commits for some time?
> Because anyone close to a maintainer would have pulled up kern/52469 to -7.

That would be more the commiter's job. But if someone can test a patch,
I can look at it.

> Because anyone close to a maintainer would have answered kern/52471.

Really, there is little information in this PR. I guess nobody tried to guess
what the author means (I certainly wont).

> 
> > Actually I'm not aware of show-stopper bugs in ipf, and I run several servers
> > (netbsd-8) facing internet, with ipv6 and quite a bit of traffic.
> So, with -8, you at least have the fix to kern/52469.
> 
> I don't know about the version in -8, but (from memory)
> -- ipftest doesn't correctly reflect the real behaviour

I didn't play much with ipftest. But in any case this doesn't prevent
using ipf

> -- rule numbers in ipfstat sometimes don't match

that's an annoyance, but it doens't prevent using it

> -- keep state doesn't work with ICMP6

I avoid keep-state as much as possible, and actually use it only for UDP.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--