[geeks] "pf" on Solaris?

Mike F lists at ibrew.net
Mon Jun 7 09:29:36 CDT 2004


Bill Bradford wrote:
> On Mon, Jun 07, 2004 at 05:44:25PM +1000, Scott Howard wrote:
> 
> 
>> If you're intending to upgrade to Solaris 10 at some stage
>> then sticking with ipfilter would be a better long-term
>> decision...
> 
> 
> Why?  The ipfilter that ships with Solaris 10 is an older
> version, even.  As far as I know, it's just contributed
> software, not "built into" the kernel any more than the
> version I download and compile is..
> 
> Bill

Even then, ipfilter 4.1.x (now at 4.1.2) doesn't seem completely
ready for prime time. Every other day (as you probably know)
people are posting patches to the ipfilter mailing list for
problems with ipf. There just seem to be way too many problems
with the ipfilter 4.x series, and no "official" way to keep on
top of patches. On the other hand, the ipfilter 3.4.x line has
really stabilized a lot - that's why I am sticking with ipf
3.4.34 for my Solaris systems.

I agree with you that pf is a much nicer packet filter, but for
now it only supports OpenBSD, and on the systems where I am
doing packet filtering I need to run Solaris. I'm eagerly
awaiting the day pf is available for Solaris. Apparently
FreeBSD and NetBSD are now able to run pf, so maybe Solaris
will too someday...


