From: JD Bronson
To: RW
Cc: freebsd-questions@freebsd.org
Date: Sat, 21 Jul 2007 08:20:08 -0500
Subject: Re: pf and keep/modulate state on 6.2

At 02:08 PM 7/21/2007 +0100, RW wrote:
>On Sat, 21 Jul 2007 07:29:53 -0500
>JD Bronson wrote:
>
> > thanks for the update on this. I had forgotten about it since I just
> > stopped using modulate state (is it really needed anymore?).
> >
> > Then, the beginning of this month I moved my firewall/router back
> > over to OpenBSD 4.1 to stay more current with pf instead of running
> > -CURRENT within FreeBSD.
> >
> > This fix really should be incorporated into 6.2-STABLE or even
> > 6.2-STANDARD I think. I wonder how many people use this and don't
> > even know it's messed up?
>
>I think it depends what percentage of people see connections actually
>petering-out to nothing, like I did, rather than just slowing down.
>
>What I'm wondering is how many more serious bugs have been fixed in
>OpenBSD, but not ported. As well as modulate state, I also stopped
>using hfsc because ping-times sometimes just seem to jump-up to several
>seconds and stay there.

I never understood why FreeBSD can't keep up to date with OpenBSD at least in regards to pf....that's the #1 reason I don't use FreeBSD as a firewall anymore.

If they kept up to date, FreeBSD would rock. I always get much better performance than with OpenBSD..but with OpenBSD, I get stability and current versions of pf and the features therein, that I am after....

NetBSD is MUCH worse...I tried to use some pf commands and got errors only to find out that these features are not in the pf that ships with 3.0.1 NetBSD. I was very surprised...gee, how the heck OLD is pf in NetBSD 3.0.1 ?!!?

Maybe whoever supports/ports pf into FreeBSD will read this and either respond with reasons as to why FreeBSD can't be closer in sync with pf from OpenBSD or at least update it more often.

-JD