From owner-freebsd-questions@FreeBSD.ORG  Mon Jul 21 05:49:05 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id ACBB8961
 for <freebsd-questions@freebsd.org>; Mon, 21 Jul 2014 05:49:05 +0000 (UTC)
Received: from bizet.nethelp.no (bizet.nethelp.no [195.1.209.33])
 by mx1.freebsd.org (Postfix) with SMTP id E89002720
 for <freebsd-questions@freebsd.org>; Mon, 21 Jul 2014 05:49:04 +0000 (UTC)
Received: (qmail 4924 invoked from network); 21 Jul 2014 05:42:20 -0000
Received: from bizet.nethelp.no (HELO localhost) (195.1.209.33)
 by bizet.nethelp.no with SMTP; 21 Jul 2014 05:42:20 -0000
Date: Mon, 21 Jul 2014 07:41:05 +0200 (CEST)
Message-Id: <20140721.074105.74747815.sthaug@nethelp.no>
To: andrnils@gmail.com
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
From: sthaug@nethelp.no
In-Reply-To: <CAPS9+StPJRVSFLjpxgVEewT9fwHHFxw=qODAYa=uOAzb-V=v2Q@mail.gmail.com>
References: <CAJcQMWe9=3PvOhfT8N-78N04A0u3OvkjOd-HPCiBUcJFZZb0-g@mail.gmail.com>
 <20140720134133.1d30f725@kan>
 <CAPS9+StPJRVSFLjpxgVEewT9fwHHFxw=qODAYa=uOAzb-V=v2Q@mail.gmail.com>
X-Mailer: Mew version 3.3 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: max@mxcrypt.com, freebsd-current@freebsd.org, kabaev@gmail.com,
 freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Jul 2014 05:49:05 -0000

> Also, the openbsd stack has some essential features missing in freebsd,
> like mpls and md5 auth for bgp sessions.

I use MD5 auth for BGP sessions every day (and have been doing so for
several releases). One could definitely wish for better integration -
having to specify MD5 key both in /etc/ipsec.conf and in the Quagga
bgpd config is not nice. But it works.

MPLS would be nice - but is not a high priority. That's what I use
Juniper and Cisco routers for. For MPLS to be of any use I'd also need
a working IS-IS implementation, and I believe Quagga isn't quite there
yet.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no