Date: Sun, 22 Dec 2013 21:50:30 +0200 From: wishmaster <artemrts@ukr.net> To: Berend de Boer <berend@pobox.com> Cc: freebsd-pf@freebsd.org Subject: Re: Network severely unstable 10.0-PRERELEASE Message-ID: <1387740798.766930858.eawg47i5@frv34.ukr.net> In-Reply-To: <87sitku33x.wl%berend@pobox.com> References: <87sitku33x.wl%berend@pobox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--- Original message --- From: "Berend de Boer" <berend@pobox.com> Date: 22 December 2013, 20:56:35 > Hi All, > > pf has not worked well for me after version 8. Certain rules crash the > kernel > (http://www.freebsd.org/cgi/query-pr.cgi?pr=misc/182141). Avoiding > these rules gave me something that at least kept the system alive on a > 10-CURRENT. > > But since the RC versions my system stays up for only a few days, > before I need a reboot as network connectivity gets reset. > > It's the modem (pppoe), every few minutes all tcp (?) connections get > dropped somehow. A reboot fixes it for a week or so. > > I have no clue how to debug this. > > But I'm getting pretty scared of pf, and going back to ipfw might seem > best. > > What are people's thoughts on pf in FreeBSD, does it have a future? > Are there people working on pf? Should I simply forget about it, and > go back to ipfw? > It's just my IMHO and experience. Pf in 10 is good, especially in performance context (thx glebius@) but, unfortunately, yes you should forgot about pf if you are planning to use not only firewalling but shaper/prioritization too due to poor performance/flexibility of ALTQ, especially in case of complex network topologies. Or you can use OpenBSD with new "prio" queueing mechanism Cheers, w
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1387740798.766930858.eawg47i5>