You can't patch the Berkeley Packet Filter into Linux. Linux kernel doesn't support it.

and...

Despite a cacophonous chorus of replies directing you to the right tool for the job, you insist on sticking with Linux.

If you want to use the wrong tool for the job, by all means, use ipset/iptables - have a great time with it. When it doesn't give you the performance you want, then you will probably go buy something else.

I don't care how you pretty up iptables and its predecessor, ipchains, it's still a black eye on Linux comparatively speaking.

Berkeley invented TCP/IP, the Berkeley TCP/IP stack is implemented on just about every platform/OS combination there is. Berkeley *is* networking.

And yes, the community around BSD are assholes, but they are semi-entitled. Their shit is way better documented than just about anything else in Open Source, including most things Linux.

Peter

On Fri, Dec 18, 2009 at 12:16 PM, sadas sadas <mailrc at abv.bg> wrote:

> after quick search in google:
>
> http://postfactum.pl.ua/pf/
>
> I will test to patch latest linux kernel with pf.
> What do you think?

--
Peter Serwe
http://truthlightway.blogspot.com/