From: Mark Felder
To: freebsd-hackers@freebsd.org
Subject: Re: [FreeBSD 11 Wishlist] Replacing an OpenBSD Firewall
Date: Fri, 02 Jan 2015 09:41:13 -0600

UPDATE: I have everything working except QoS, so thanks for the 6rd gif tunnel workaround, Nathan.

ALTQ being absent from GENERIC is another sore spot that should be investigated. I've been encouraged to use ipfw and dummynet, but converting my firewall rules again is not something I'm enthusiastic about.

I'll note that FreeBSD is often praised for including pf while ipfw is completely overlooked; our own Handbook even puts pf before ipfw. That certainly sends a message that we may not be intending to send and should be considered carefully.