From owner-freebsd-current@FreeBSD.ORG Sat Jul 19 08:35:41 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 343374C9; Sat, 19 Jul 2014 08:35:41 +0000 (UTC) Received: from mail-oa0-x232.google.com (mail-oa0-x232.google.com [IPv6:2607:f8b0:4003:c02::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D8C4B24F4; Sat, 19 Jul 2014 08:35:40 +0000 (UTC) Received: by mail-oa0-f50.google.com with SMTP id g18so4796674oah.23 for ; Sat, 19 Jul 2014 01:35:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=9gKTRAQVc96yH3ikavmHLaOCRzH+BRJwT1ZaflNsWRk=; b=YxOuf/6FLCKE90ae2NqFBEmx7HGjxO0lUDjGgabamnZRE+s9z11ip4VnN1EOqnuBXa 0TrpUV2wvJuaWaMB0xo7QxWszWgmcXzS7Dvwm5jX7rFYG355AU7uIc2/Zg5tohEHvjx0 MjGeUjmSKMpdi7hlb8/dQIOLNmBETOtGPV8zka8YRQwwWKrWfsHNDAZlaz+dcBgl5PwI 5CU28YEORMGsJs3rUkI4dQ7/RBqeQdqBTRvQx5zeT1UwmalQxTQGFAdOzlaS0AY2xtNq yw+I/ILxZyvSsR/x/qqfiUGuHtiPy7RKXYsp+MbnVUe4z5vC2THWwIRGAGz2baIGTXH3 /lJw== MIME-Version: 1.0 X-Received: by 10.60.70.205 with SMTP id o13mr14479771oeu.38.1405758939926; Sat, 19 Jul 2014 01:35:39 -0700 (PDT) Received: by 10.76.170.39 with HTTP; Sat, 19 Jul 2014 01:35:39 -0700 (PDT) In-Reply-To: <53C9DAA1.4020006@bluerosetech.com> References: <53C706C9.6090506@com.jkkn.dk> <20140718110645.GN87212@FreeBSD.org> <53C9DAA1.4020006@bluerosetech.com> Date: Sat, 19 Jul 2014 10:35:39 +0200 Message-ID: Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? From: Andreas Nilsson To: Darren Pilgrim Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18 Cc: Gleb Smirnoff , Mailinglists FreeBSD , Current FreeBSD X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Jul 2014 08:35:41 -0000 On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim < list_freebsd@bluerosetech.com> wrote: > On 7/18/2014 4:06 AM, Gleb Smirnoff wrote: > >> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is >> K> following OpenBSD's pf the past? - should it be? >> >> Following OpenBSD on features would be cool, but no bulk imports >> would be made again. Bulk imports produce bad quality of port, >> and also pf in OpenBSD has no multi thread support. >> > > I would much rather have a slower pf that actually supports modern > networking than a faster one I can't use due to showstopper flaws and > missing features. > So would I. Not that we use pf, but anyway. > > There is currently no viable firewall module for FreeBSD if you want to do > things like route IPv6. Isn't that possible with ipfw? Perhaps the pf guys in OpenBSD could be convinced to start openpf and have porting layer as in openzfs. Best regards Andreas