[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ipf

Hash: SHA1

On Tue, May 29, 2001 at 07:13:11PM -0600, Theo de Raadt wrote:
> sometime in the next 20 hours, i will be removing ipf from the source
> tree since it does not meet our freedom requirements, as have been
> outlined in policy.html and goals.html since the start of our project.
> we will have to work on an alternative.

/usr/ports/net/ipf, perhaps? 

Something that doesn't bugger up cvs updates, perhaps? 

Something that isn't a tremendous crock of excrement that's playing 
technological catchup like iptables or ipfw, perhaps?

Unfortunately, ipfilter and OpenBSD go very well together (aside from niggling 
ideological differences that could probably be solved by working TOGETHER 
instead of fighting) and you're doing a TREMENDOUS disfavor to your user 
community [1] by pulling out ipfilter without a replacement system that works
as fantastically well as the tight ipf/OpenBSD integration, or without coming
to an aimicable solution, which you probably *could have accomplished* by 
sending patches back to Darren. 

Of course, it's too late now.. Everyone's resorted to peeing on each others 
shoes over the issue, and thus, another NetBSD/OpenBSD battle ensues...


[1] Yes, we're all aware that you work on OpenBSD for yourself and to hell
with a user community...

[2] Personal opinion based on statements I've read on the ipfilter list..  
May not actually be correct.

- -- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
Version: GnuPG v1.0.5 (FreeBSD)
Comment: For info see http://www.gnupg.org