[geeks] Routing problem: solution in progress
Jonathan C. Patschke
jp at celestrion.net
Wed Dec 27 00:08:12 CST 2006
On Tue, 26 Dec 2006, Sridhar Ayengar wrote:
>> I might take a look. I've not built a kernel for it yet. Too many
>> other distractions, and I am not bothered much by the stock kernel
>> yet.
>
> What's pf's big advantage over IPFilter? Performance? Simplicity?
> Shorter data path?

1) Tables, including external tables.
   Tables are lists of IP addresses, IP networks, or address/port
   combinations which receive the exact same treatment for a given rule.
   The typical hack using this employs a log-parser to look for SSH or
   SMTP abuse and drops the new offenders in a table to deny daemon
   access.

2) Slightly simpler configuration syntax.
   You can, for example, use interfaces instead of IP addresses in more
   places, as well as the aforementioned tables.

--
Jonathan Patschke ) "Some people grow out of the petty theft of
Elgin, TX ( childhood. Others grow up to be CEOs and
USA ) politicians." --Forrest Black
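
Added example, not part of the original message: a sketch of the log-parser-feeds-a-table setup described in point 1, for failed SSH logins. The table name `ssh_abusers`, the threshold, the allowlist and the sample log lines are assumptions constructed for illustration; the script only prints the `pfctl` commands it would run.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Assumed pf.conf side (the table name is hypothetical):
#   table <ssh_abusers> persist
#   block in quick from <ssh_abusers>

# Constructed sample sshd lines using documentation address ranges.
SAMPLE_LOG = """\
Dec 26 23:01:10 gw sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 26 23:01:12 gw sshd[411]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 26 23:01:15 gw sshd[413]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Dec 26 23:02:00 gw sshd[420]: Failed password for jp from 192.0.2.10 port 50000 ssh2
Dec 26 23:02:03 gw sshd[420]: Failed password for jp from 192.0.2.10 port 50000 ssh2
Dec 26 23:02:05 gw sshd[420]: Failed password for jp from 192.0.2.10 port 50000 ssh2
Dec 26 23:03:00 gw sshd[430]: Failed password for invalid user x from 198.51.100.1 port 1 ssh2 from 198.51.100.9 port 40200 ssh2
Dec 26 23:03:30 gw sshd[431]: Accepted password for jp from 192.0.2.10 port 50001 ssh2
"""

# Anchored at end of line with a greedy user field, so the address is always
# the one sshd appended, never text a client placed in the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")

def offenders(log_text, threshold=3, allowlist=()):
    """Return sorted addresses with at least `threshold` failed logins."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            addr = str(ip_address(m.group(1)))  # only real addresses reach pfctl
        except ValueError:
            continue
        if addr not in allowlist:  # never lock out known-good hosts
            counts[addr] += 1
    return sorted(a for a, n in counts.items() if n >= threshold)

def pfctl_commands(addrs, table="ssh_abusers"):
    """Build argv lists (no shell involved) that add each address to the table."""
    return [["pfctl", "-t", table, "-T", "add", a] for a in addrs]

if __name__ == "__main__":
    for cmd in pfctl_commands(offenders(SAMPLE_LOG, allowlist={"192.0.2.10"})):
        print(" ".join(cmd))
```

Because the table is referenced by name in the ruleset, adding an address takes effect without reloading pf.conf.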