[CentOS] creating script for init.d

Wed Dec 27 17:41:05 UTC 2006
Aleksandar Milivojevic <alex at milivojevic.org>

Quoting Robert Spangler <lazydog at zoominternet.net>:

> On Tue December 26 2006 19:43, Peter Serwe wrote:
>
>>  I know this is a CentOS/Linux list, but I seriously wish they would take
>>  a cue from *BSD and start integrating pf with modern Linux distributions.
>
> What advantages does pf hold over iptables?
> And please don't start off with it is more secure BS.

Transparent bridging firewall sitting in front of an ADSL modem when  
PPPoE is used.  That one can't be implemented using Netfilter.

  | modem | <-----> | bridge/fw | <------> | PC / PPPoE endpoint |

Here's why:

  - Raw PPPoE packets will not be handed over to Netfilter for inspection.
  - Even if they were, you'd need special Netfilter modules and/or  
hacks to inspect encapsulated IP packets (inside raw PPPoE packets).   
Such a module doesn't exist, and might not be trivial or even possible  
to implement.

When investigating this particular problem with Netfilter, I found a  
couple of HOWTOs describing how to do this kind of stuff on *BSD.
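The encapsulation the post is talking about, as an added example that is not part of the original message or of any project: a small Python parser that classifies an Ethernet frame as plain IPv4 or PPPoE session traffic and, in the PPPoE case, digs the IPv4 header out of the PPP payload. It makes concrete the extra decoding step a bridge filter has to perform before it can see the inner packet at all. The builder functions, MAC addresses, IP addresses and session id are constructed sample data, not captured traffic.

```python
import struct
import ipaddress

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_PPPOE_SESSION = 0x8864   # PPPoE session stage (RFC 2516)
PPP_PROTO_IPV4 = 0x0021            # PPP protocol number for IPv4


def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header: addresses, protocol, total length."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag,
     _ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "proto": proto,
        "total_len": total_len,
    }


def parse_frame(frame: bytes) -> dict:
    """Classify an Ethernet frame as raw IPv4, PPPoE-encapsulated traffic, or other.

    The returned dict always carries 'encapsulation'; 'ip' holds the decoded
    IPv4 header when one was found (None for non-IP PPP protocols such as LCP).
    """
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    payload = frame[14:]

    if ethertype == ETHERTYPE_IPV4:
        # Plain IP on the wire: this is the only case a conventional L3
        # bridge filter sees directly.
        return {"encapsulation": "raw", "ip": parse_ipv4(payload)}

    if ethertype == ETHERTYPE_PPPOE_SESSION:
        if len(payload) < 8:
            raise ValueError("truncated PPPoE header")
        ver_type, code, session_id, length = struct.unpack("!BBHH", payload[:6])
        if ver_type != 0x11 or code != 0x00:
            raise ValueError("not a PPPoE session-stage frame")
        ppp_proto = struct.unpack("!H", payload[6:8])[0]
        result = {"encapsulation": "pppoe", "session_id": session_id,
                  "ppp_proto": ppp_proto, "ip": None}
        if ppp_proto == PPP_PROTO_IPV4:
            # The PPPoE length field covers the 2-byte PPP protocol field
            # plus the PPP payload, so the IP packet ends at offset 6 + length.
            result["ip"] = parse_ipv4(payload[8:6 + length])
        return result

    return {"encapsulation": "other", "ethertype": ethertype, "ip": None}


# ---- constructed sample data (not captured traffic) ----------------------

SAMPLE_DST_MAC = b"\x00\x11\x22\x33\x44\x55"
SAMPLE_SRC_MAC = b"\x66\x77\x88\x99\xaa\xbb"


def build_ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for testing (header checksum left at zero)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def build_pppoe_frame(ppp_payload: bytes, ppp_proto: int = PPP_PROTO_IPV4,
                      session_id: int = 0x0001) -> bytes:
    """Wrap a PPP payload in a PPP protocol field and a PPPoE session header."""
    ppp = struct.pack("!H", ppp_proto) + ppp_payload
    pppoe = struct.pack("!BBHH", 0x11, 0x00, session_id, len(ppp)) + ppp
    eth = SAMPLE_DST_MAC + SAMPLE_SRC_MAC + struct.pack("!H", ETHERTYPE_PPPOE_SESSION)
    return eth + pppoe


# A TCP segment (protocol 6) from 10.0.0.2 to 192.0.2.10, once as a raw IPv4
# frame and once carried inside PPPoE session 1.
SAMPLE_IP = build_ipv4_packet("10.0.0.2", "192.0.2.10", 6, b"\x00" * 20)
SAMPLE_RAW_FRAME = (SAMPLE_DST_MAC + SAMPLE_SRC_MAC
                    + struct.pack("!H", ETHERTYPE_IPV4) + SAMPLE_IP)
SAMPLE_PPPOE_FRAME = build_pppoe_frame(SAMPLE_IP)

if __name__ == "__main__":
    for name, frame in (("raw", SAMPLE_RAW_FRAME), ("pppoe", SAMPLE_PPPOE_FRAME)):
        print(name, parse_frame(frame))
```

Run as a script it prints both classifications; the point to notice is that the raw frame yields its IP header after one ethertype check, while the PPPoE frame needs the PPPoE header, the PPP protocol field and the length bookkeeping handled before the same header becomes visible. A real bridge filter would additionally have to track the session id per PPPoE session and cope with LCP/IPCP and padding cases, which is the work the post says no Netfilter module does.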