Subject: Re: Using OpenBSD guest as PF firewall
From: Mateusz Piotrowski <0mp@FreeBSD.org>
To: Paul Pathiakis, Thomas Laus
Cc: freebsd-virtualization@freebsd.org
Date: Wed, 4 Nov 2020 22:40:32 +0100

On 11/4/20 8:49 PM, Paul Pathiakis via freebsd-virtualization wrote:
> Thank you.
> I didn't know they had never 're-synced'.
> Paul

Just for the record, the pf version currently available in FreeBSD is not just an old OpenBSD pf. See the note in the PF chapter in the handbook (https://www.freebsd.org/doc/handbook/firewalls-pf.html):

"Warning: When reading the PF FAQ, keep in mind that FreeBSD's version of PF has diverged substantially from the upstream OpenBSD version over the years. Not all features work the same way on FreeBSD as they do in OpenBSD and vice versa."

Cheers!

>
> On Wednesday, November 4, 2020, 2:48:20 PM EST, Thomas Laus wrote:
>
> Paul Pathiakis [pathiaki2@yahoo.com] wrote:
>> Hi,
>> Is there a reason you would want to use OpenBSD versus FreeBSD?
>> FreeBSD has pf and I use it on my server at home.
>>
>> Are you exploring OpenBSD? Did you not know that pf is an
>> available firewall on FreeBSD?
>>
> The OpenBSD PF firewall is several revisions ahead and more
> integrated than one in FreeBSD. The PF versions diverged in OpenBSD
> 4.7 and the one in FreeBSD was left behind. I use them both
> on their respected OS. It was very recent in bhyve development
> that pci-passthru was finally operational with an OpenBSD guest
> and I was building a new server and wanted to test things out.
>
> Tom
>