From owner-freebsd-pf@FreeBSD.ORG Tue Jul 8 22:32:39 2014 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A4D0566A for ; Tue, 8 Jul 2014 22:32:39 +0000 (UTC) Received: from silver.jkkn.net (jkkn.dk [IPv6:2001:16d8:dd04:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 0DA3A29F8 for ; Tue, 8 Jul 2014 22:32:35 +0000 (UTC) Received: from [IPv6:2001:16d8:dd04:0:2905:35f9:4a63:c75a] (lenovo.home6.jkkn.net [IPv6:2001:16d8:dd04:0:2905:35f9:4a63:c75a]) (authenticated bits=0) by silver.jkkn.net (envelope-from freebsd@com.jkkn.dk) (8.14.9/8.14.9) with ESMTP id s68MWUtu023710 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Wed, 9 Jul 2014 00:32:31 +0200 (CEST) (envelope-from freebsd@com.jkkn.dk) DKIM-Filter: OpenDKIM Filter v2.8.3 silver.jkkn.net s68MWUtu023710 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=com.jkkn.dk; s=jkkn-dkim; t=1404858751; bh=NODPViir3mCvu5+lhtdDQg43bukrTt9OHQ8YHxGpFcU=; h=Date:From:To:Subject; b=Nt90LNnpx6xe/hH4+xrkitCczK2TjAvXOjcc76L/8ds/SBe9AfvHm1zrwGehhfS1C 1Z526xu53ATCOAhf5P9GktplykwhqrVJ+HmQK7ioet4LqvAsIimEawO/KOHxNoUSac JlRG4AHXIIQIvFqnqSG4Kq8SqLv+GMOYfwqDYLGQ= Message-ID: <53BC717C.9080108@com.jkkn.dk> Date: Wed, 09 Jul 2014 00:32:28 +0200 From: "Kristian K. Nielsen" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-pf@FreeBSD.org Subject: Future of pf in FreeBSD ? - does it have one ? Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit X-Virus-Scanned: clamav-milter 0.98.4 at silver.jkkn.net X-Virus-Status: Clean X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 22:32:39 -0000 Hi all, I am a happy user of the pf-firewall module and have been for years and think it is really great but lately its getting a bit dusty. The last few years, however, it seem that pf in FreeBSD got a long way away from pf in OpenBSD where it originated and I am also continually watching where FreeBSD goes with ipfilter (ipf) and ipfw (dead?). So I am curious if any on the mailing could elaborate about what the future of pf in FreeBSD is. a) First of all - are any actively developing pf in FreeBSD? b) We are a major release away from OpenBSD (5.6 coming soon) - is following OpenBSD's pf the past? c) We never got the new syntax from OpenBSD 4.7's pf - is that still blocking us? d) Anyone working on bringing FreeBSD up to 5.6? e) OpenBSD is retiring ALTQ entirely - any thoughts on that? http://undeadly.org/cgi?action=article&sid=20140419151959 f) IPv6 support?- it seem to be more and more challenged in the current version of pf in FreeBSD and I am (as well as others) introducing more and more IPv6 in networks. E.x. Bugs #179392, #172648, #130381, #127920 and more seriously #124933, which is the bug on not handling IPv6 fragments which have been open since 2008 and where the workaround is necessity to leave an open hole in your firewall ruleset to allow all fragments. Occoring to comment in the bug, this have been long gone in OpenBSD. Hope to heard from you all, Best regards, Kristian Krĉmmer Nielsen, Odense, Denmark