Date: Mon, 4 Mar 2013 08:12:48 -0600 From: Mark Felder <feld@feld.me> To: freebsd-security@freebsd.org, Robert Simmons <rsimmons0@gmail.com> Subject: Re: Firewall Options Message-ID: <op.wtfdrmfs34t2sn@tech304.office.supranet.net> In-Reply-To: <CA%2BQLa9DgZWoajW0dTkNjOGsDsS=ggXefJK9v%2BtraZq4F99uUnQ@mail.gmail.com> References: <CA%2BQLa9DgZWoajW0dTkNjOGsDsS=ggXefJK9v%2BtraZq4F99uUnQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 03 Mar 2013 17:12:18 -0600, Robert Simmons <rsimmons0@gmail.com> wrote: > Are there plans to update ipfilter or pf to current versions? > ipfilter is currently at 5.1.2, but the version in FreeBSD is 4.1.28 > from 2007. > > On the pf side, the version in FreeBSD is 4.5, but the current version > I would understand to be 5.2. The version in FreeBSD is pre-4.7, so > much of the syntax in the current documentation is different and does > not work in this older version. > > Is IPFW the only maintained firewall option, or is there a way to > build either of the above as ports? > It takes a *lot* of work to re-port packet filters to a different BSD kernel and ensure everything works perfectly. We recently received a nice pf version bump with the release of 9.0 and it doesn't seem likely we'll see another soon. There is an SMP-friendly fork of pf in progress for FreeBSD. It may very well turn out that FreeBSD's pf completely diverges from OpenBSD's permanently as OpenBSD has no interest in an SMP-friendly pf. http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006643.html As for IPFW -- I honestly don't know. I can't remember the last time there was a major update of IPFW for FreeBSD.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?op.wtfdrmfs34t2sn>