Quoting Robert Spangler <lazydog at zoominternet.net>:

> On Tue December 26 2006 19:43, Peter Serwe wrote:
>
>> I know this is a CentOS/Linux list, but I seriously wish they would take
>> a cue from *BSD and start integrating pf with modern Linux distributions.
>
> What advantages does pf hold over iptables?
> And please don't start off with it is more secure BS.

Transparent bridging firewall sitting in front of an ADSL modem when PPPoE is
used. That one can't be implemented using Netfilter.

| modem | <-----> | bridge/fw | <------> | PC / PPPoE endpoint |

Here's why:

- Raw PPPoE packets will not be handed over to Netfilter for inspection.
- Even if they were, you'd need special Netfilter modules and/or hacks to
  inspect encapsulated IP packets (inside raw PPPoE packets). Such a module
  doesn't exist, and might not be trivial or even possible to implement.

When investigating this particular problem with Netfilter, I found a couple of
HOWTOs describing how to do this kind of stuff on *BSD.
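As an added example that is not part of the thread, this Python script shows what "inspecting IP packets inside raw PPPoE packets" actually entails on the bridge: walking Ethernet, then the PPPoE session header, then the PPP protocol field, and only then reaching the IPv4 header whose 5-tuple a filter would match on. The frame layout follows RFC 2516 (PPPoE) and RFC 1661 (PPP); the frame builder, MAC and IP addresses and ports are constructed sample data, not captured traffic.

```python
"""Extract the encapsulated IPv4 5-tuple from a PPPoE session frame.

Constructed example: the layers a bridge firewall must strip before it can
filter the IP traffic that a PPPoE client sends through it.
"""
import struct
from dataclasses import dataclass
from typing import Optional

ETHERTYPE_PPPOE_DISCOVERY = 0x8863  # PADI/PADO/PADR/PADS, carries no IP
ETHERTYPE_PPPOE_SESSION = 0x8864    # session stage, carries PPP frames
PPP_PROTO_IPV4 = 0x0021             # PPP protocol number for IPv4


@dataclass
class InnerIPv4:
    session_id: int
    src: str
    dst: str
    proto: int
    sport: Optional[int]
    dport: Optional[int]


def parse_pppoe_ipv4(frame: bytes) -> Optional[InnerIPv4]:
    """Return the 5-tuple of the IPv4 packet inside a PPPoE session frame,
    or None if the frame carries no IPv4 (discovery, LCP, IPCP, ...)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_PPPOE_SESSION:
        return None                      # discovery stage or plain Ethernet
    body = frame[14:]
    if len(body) < 6:
        raise ValueError("truncated PPPoE header")
    vertype, code, session_id, length = struct.unpack("!BBHH", body[:6])
    if vertype != 0x11 or code != 0x00:
        raise ValueError("not a PPPoE v1/type1 session packet")
    payload = body[6:6 + length]
    if len(payload) < length:
        raise ValueError("PPPoE length field exceeds frame")
    # PPPoE carries the PPP frame without HDLC address/control bytes, so the
    # payload starts with the PPP protocol field: 2 bytes normally, 1 byte if
    # Protocol-Field-Compression was negotiated (a compressed first byte is odd).
    if payload[0] & 1:
        ppp_proto, off = payload[0], 1
    else:
        ppp_proto, off = struct.unpack("!H", payload[:2])[0], 2
    if ppp_proto != PPP_PROTO_IPV4:
        return None                      # LCP, IPCP, CHAP, ... not IP
    ip = payload[off:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    ihl = (ip[0] & 0x0F) * 4
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP or UDP: ports follow IHL
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return InnerIPv4(session_id, src, dst, proto, sport, dport)


def _ipv4_checksum(hdr: bytes) -> int:
    """Standard one's-complement checksum over a 20-byte IPv4 header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_sample_frame(src="192.0.2.10", dst="198.51.100.5",
                       sport=40000, dport=443, session_id=0x0001) -> bytes:
    """Constructed sample: TCP SYN inside PPP inside PPPoE inside Ethernet.
    TCP checksum is left zero; only the IP header checksum is computed."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    total_len = 20 + len(tcp)
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    ip_fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                            0x4000, 64, 6, 0, src_b, dst_b)
    ip_hdr = ip_fields[:10] + struct.pack("!H", _ipv4_checksum(ip_fields)) + ip_fields[12:]
    ppp = struct.pack("!H", PPP_PROTO_IPV4) + ip_hdr + tcp
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_PPPOE_SESSION))
    return eth + pppoe


if __name__ == "__main__":
    print(parse_pppoe_ipv4(build_sample_frame()))
```

Running the script prints the inner session id, addresses, protocol and ports; feeding it a PPPoE discovery frame (ethertype 0x8863) yields None, which is exactly the traffic a bridge must pass untouched if the client is ever to establish a session.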