Date: Sat, 19 Jul 2014 08:50:06 -0500
From: Mark Felder <feld@freebsd.org>
To: Andreas Nilsson <andrnils@gmail.com>
Cc: Gleb Smirnoff <glebius@FreeBSD.org>, Darren Pilgrim <list_freebsd@bluerosetech.com>, Current FreeBSD <freebsd-current@freebsd.org>, Mailinglists FreeBSD <freebsd-questions@freebsd.org>
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <8E7D9358-29BA-48F9-9067-1BBA48470673@FreeBSD.org>
In-Reply-To: <CAPS9%2BSt%2B2Q01SNWcP9sMja3hUnFNenUE11S5cHMeueC-9wSn1g@mail.gmail.com>
References: <53C706C9.6090506@com.jkkn.dk> <20140718110645.GN87212@FreeBSD.org> <53C9DAA1.4020006@bluerosetech.com> <CAPS9%2BSt%2B2Q01SNWcP9sMja3hUnFNenUE11S5cHMeueC-9wSn1g@mail.gmail.com>

On Jul 19, 2014, at 3:35, Andreas Nilsson <andrnils@gmail.com> wrote:

> On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <
> list_freebsd@bluerosetech.com> wrote:
>
>> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
>>
>>> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
>>> K> following OpenBSD's pf the past? - should it be?
>>>
>>> Following OpenBSD on features would be cool, but no bulk imports
>>> would be made again. Bulk imports produce bad quality of port,
>>> and also pf in OpenBSD has no multi thread support.
>>>
>>
>> I would much rather have a slower pf that actually supports modern
>> networking than a faster one I can't use due to showstopper flaws and
>> missing features.
>>
>
> So would I. Not that we use pf, but anyway.
>
>>
>> There is currently no viable firewall module for FreeBSD if you want to do
>> things like route IPv6.
>
>
> Isn't that possible with ipfw?
>
> Perhaps the pf guys in OpenBSD could be convinced to start openpf and have
> porting layer as in openzfs.
>

I do not know ipfw IPv6 limitations, but the Wikipedia article says:

* IPv6 support (with several limitations)

Choice is nice, but I would like to see the project promote one firewall to users. My coworkers long ago jumped ship from ipfw to pf and I now regret that decision due to the IPv6 bugs. At this point it's too hard to migrate all the servers off of pf.
