Date:      Sat, 22 Sep 2012 17:26:47 -0400 (EDT)
From:      Darrel <levitch@iglou.com>
To:        Fbsd8 <fbsd8@a1poweruser.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: manual page | zpool-features
Message-ID:  <alpine.GSO.2.00.1209221717530.1799@shell1>
In-Reply-To: <505DB5CC.4010707@a1poweruser.com>
References:  <alpine.GSO.2.00.1209181050190.28869@shell1> <20120918205617.02ee281e@fabiankeil.de> <alpine.GSO.2.00.1209181532050.29285@shell1> <alpine.GSO.2.00.1209191233450.3885@shell1> <alpine.GSO.2.00.1209212201450.11271@shell1> <505DB5CC.4010707@a1poweruser.com>


> snip
>> 
>> Actually, I am becoming suspicious that FreeBSD does not maintain an OpenBSD 
>> Packet Firewall that survives upgrades.  Perhaps I should just take all of 
>> the Packet Firewall stuff out of my kernel and learn to use ipfw2.
>> 
>> 
>> Darrel
>> 
>> 
>
> On the subject of OpenBSD Packet Firewall
>
> OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD 
> 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
>
> The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax 
> of the NAT statement making PF no longer backwards compatible which breaks 
> some FreeBSD standard, so updated versions of OpenBSD PF will no longer be 
> mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be 
> incorporated by hand into FreeBSD's version of PF from this point on.
>
> The following will shine some more light on the subject.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=167057
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
>
>

Thank you.  This information is good to know since I recompiled parts of 
Packet Firewall and then rebooted the machine with no working Packet 
Filter as a result.

I have adjusted to the changes and am running OpenBSD 5.1 on my perimeter. 
Also, I am experimenting with NPF on NetBSD, which has a few bugs but 
generally works just fine tested with 'nmap' and the like.  For FreeBSD, I 
will change to IPFW.  It might be useful anyhow, since I have a Macintosh 
and will eventually probably get another.  I would guess that the 
Macintosh firewall is still 'ipfw2', or something not too dissimilar.

There is just no sense banging my head against a wall and repeating 
mistakes that actually do not belong to me by trying to run Packet Filter 
on FreeBSD.

Darrel


