From: Darrel
Date: Sat, 22 Sep 2012 17:26:47 -0400 (EDT)
To: Fbsd8
Cc: freebsd-current@freebsd.org
Subject: Re: manual page | zpool-features
In-Reply-To: <505DB5CC.4010707@a1poweruser.com>

> snip
>>
>> Actually, I am becoming suspicious that FreeBSD does not maintain an OpenBSD
>> Packet Firewall that survives upgrades. Perhaps I should just take all of
>> the Packet Firewall stuff out of my kernel and learn to use ipfw2.
>>
>>
>> Darrel
>>
>
> On the subject of OpenBSD Packet Firewall
>
> OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD
> 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
>
> The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax
> of the NAT statement making PF no longer backwards compatible which breaks
> some FreeBSD standard, so updated versions of OpenBSD PF will no longer be
> mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be
> incorporated by hand into FreeBSD's version of PF from this point on.
>
> The following will shine some more light on the subject.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=167057
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
>

Thank you. This information is good to know since I recompiled parts of Packet Firewall and then rebooted the machine with no working Packet Filter as a result.

I have adjusted to the changes and am running OpenBSD 5.1 on my perimeter. Also, I am experimenting with NPF on NetBSD, which has a few bugs but generally works just fine tested with 'nmap' and the like.

For FreeBSD, I will change to IPFW. It might be useful anyhow, since I have a Macintosh and will eventually probably get another. I would guess that the Macintosh firewall is still 'ipfw2', or something not too dissimilar.
There is just no sense banging my head against a wall and repeating mistakes that actually do not belong to me by trying to run Packet Filter on FreeBSD.

Darrel