What PF Doesn't Do: Application filtering

Two implementation options:

  Simple but simplistic
    - Trivial to defeat
    - False positives

  Comprehensive but complex
    - Complexity == security risk
    - Too bloated for the kernel
    - Extremely difficult to do correctly

Solution: Userland proxy
  - No kernel bloat
  - Security risk of complex code can be contained:
    privilege revocation/separation, chroot, etc.
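The slide's argument is an ordering one: do the privileged setup first (bind the listening socket), revoke privileges and chroot, and only then let the complex application-layer code see untrusted bytes, so a bug in that code is contained. The following is an added example of that front half of a userland proxy; it is not code from the slides or from PF/OpenBSD. The jail directory /var/empty, the unprivileged uid/gid 65534, the loopback port 8080, and the GET/HEAD method allowlist are assumptions chosen for illustration.

```c
/* Added example (not from the slides): privilege-revocation sequence for a
 * userland application-layer proxy, plus a small HTTP request-line check that
 * only ever runs after privileges are gone. */
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Revoke what the proxy no longer needs once its listening socket exists:
 * chroot into an (assumed empty) jail, drop supplementary groups, then switch
 * to an unprivileged gid/uid. Order matters: chroot() needs root, so it comes
 * first; setuid() is last because nothing privileged is possible after it.
 * Returns 0 on success, -1 on failure with errno set. */
int drop_privileges(const char *jail, uid_t uid, gid_t gid)
{
    if (chroot(jail) == -1 || chdir("/") == -1)
        return -1;
    if (setgroups(0, NULL) == -1)
        return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1)
        return -1;
    /* Verify the revocation took effect: regaining root must now fail. */
    if (setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The kind of protocol logic the slides keep out of the kernel: parse an
 * HTTP/1.x request line and allow only an assumed method allowlist with an
 * absolute, traversal-free target. Returns 1 to allow, 0 to deny. */
int request_line_ok(const char *line)
{
    char method[8], target[1024], version[16];

    if (sscanf(line, "%7s %1023s %15s", method, target, version) != 3)
        return 0;
    if (strcmp(method, "GET") != 0 && strcmp(method, "HEAD") != 0)
        return 0;
    if (target[0] != '/' || strstr(target, "..") != NULL)
        return 0;
    if (strncmp(version, "HTTP/1.", 7) != 0)
        return 0;
    return 1;
}

int main(void)
{
    /* 1. Privileged work first: create and bind the listening socket. */
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    struct sockaddr_in sin = { .sin_family = AF_INET, .sin_port = htons(8080) };
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd == -1 || bind(lfd, (struct sockaddr *)&sin, sizeof sin) == -1 ||
        listen(lfd, 16) == -1) {
        perror("listen");
        return 1;
    }

    /* 2. Revoke: assumed jail directory and unprivileged uid/gid. */
    if (drop_privileges("/var/empty", 65534, 65534) == -1) {
        perror("drop_privileges");
        return 1;
    }

    /* 3. Only now does untrusted application data get parsed. */
    for (;;) {
        char line[2048];
        int cfd = accept(lfd, NULL, NULL);
        if (cfd == -1)
            continue;
        ssize_t n = read(cfd, line, sizeof line - 1);
        if (n > 0) {
            line[n] = '\0';
            dprintf(cfd, "%s\n", request_line_ok(line) ? "allowed" : "denied");
        }
        close(cfd);
    }
}
```

Running it needs root for the chroot; a non-root run fails at drop_privileges() rather than continuing unjailed, which is the fail-closed behaviour a proxy of this shape should have. Forwarding to the real backend, pledge()-style syscall restriction and a separate privileged parent process would be the next containment steps on top of this sequence.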