From: Franco Fichtner
To: Julian Elischer
Cc: "Kristian K. Nielsen", freebsd-current@freebsd.org, Darren Pilgrim, freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Date: Mon, 21 Jul 2014 23:48:49 +0200

Hi Julian,

On 21 Jul 2014, at 05:15, Julian Elischer wrote:

> Most people I talk to just use ipfw and couldn't care whether pf lives
> or dies. They have simple requirements and almost any filter would
> suffice. I haven't found anything I'd want to use pf for that ipfw
> doesn't allow me to do. There are things pf does that ipfw doesn't... I
> just never want them..

this is quite insightful. The gist of this discussion and the apparent lack of upgrades to pf(4) seem to indicate that:

(a) other packet filters do the required jobs equally or better or performance doesn't matter at all.

(b) for more progressive setups and requirements, FreeBSD servers may as well be complemented with commercial firewalls, hand-rolled or non-FreeBSD solutions

Is that somewhat accurate, or is there more to the story?

Cheers,
Franco