Quoting Robert Spangler <lazydog@xxxxxxxxxxxxxxxx>:

> On Tue December 26 2006 19:43, Peter Serwe wrote:
>> I know this is a CentOS/Linux list, but I seriously wish they would take
>> a cue from *BSD and start integrating pf with modern Linux distributions.
>
> What advantages does pf hold over iptables?
> And please don't start off with it is more secure BS.

Transparent bridging firewall sitting in front of an ADSL modem when
PPPoE is used. That one can't be implemented using Netfilter.

| modem | <-----> | bridge/fw | <------> | PC / PPPoE endpoint |

Here's why:
- Raw PPPoE packets will not be handed over to Netfilter for inspection.
- Even if they were, you'd need special Netfilter modules and/or
  hacks to inspect encapsulated IP packets (inside raw PPPoE packets).
  Such a module doesn't exist, and might not be trivial or even possible
  to implement.

When investigating this particular problem with Netfilter, I found
a couple of HOWTOs describing how to do this kind of stuff on *BSD.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
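
An added illustration, not part of the original message: the encapsulation the reply refers to. A PPPoE session frame carries EtherType 0x8864 rather than 0x0800, and the IP header sits behind a 6-byte PPPoE header and a PPP protocol field, so a filter has to unwrap both before it can match on addresses. The frames are constructed sample data, and the function names and the 2-byte PPP protocol field are assumptions of this sketch.

```python
import ipaddress
import struct

ETH_IPV4, ETH_PPPOE_SESSION, PPP_IPV4 = 0x0800, 0x8864, 0x0021

def parse_ipv4(pkt):
    """Return (src, dst, protocol) from an IPv4 header, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or (pkt[0] & 0x0F) < 5:
        return None
    return (str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])), pkt[9])

def classify(frame):
    """Return (kind, ipv4_tuple_or_None) for one Ethernet frame."""
    if len(frame) < 14:
        return ("malformed", None)
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]
    if ethertype == ETH_IPV4:
        return ("plain-ipv4", parse_ipv4(payload))
    if ethertype != ETH_PPPOE_SESSION:
        return ("other", None)
    if len(payload) < 6:
        return ("malformed", None)
    ver_type, code, _session, length = struct.unpack("!BBHH", payload[:6])
    ppp = payload[6:6 + length]  # slicing by length drops Ethernet padding
    # ver=1/type=1 and code 0x00 mark session data; reject truncated payloads.
    if ver_type != 0x11 or code != 0x00 or len(ppp) != length or length < 2:
        return ("malformed", None)
    # Assumption: 2-byte PPP protocol field (no protocol-field compression).
    if struct.unpack("!H", ppp[:2])[0] != PPP_IPV4:
        return ("pppoe-non-ip", None)  # e.g. LCP/IPCP control traffic
    return ("pppoe-ipv4", parse_ipv4(ppp[2:]))

def sample_frames():
    """Constructed sample data: the same IPv4 header, bare and inside PPPoE."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    plain = macs + struct.pack("!H", ETH_IPV4) + ip
    pppoe = (macs + struct.pack("!H", ETH_PPPOE_SESSION)
             + struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ip) + 2)
             + struct.pack("!H", PPP_IPV4) + ip)
    return plain, pppoe

if __name__ == "__main__":
    for frame in sample_frames():
        print(classify(frame))
```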