Date:      Sat, 19 Jul 2014 08:50:06 -0500
From:      Mark Felder <feld@freebsd.org>
To:        Andreas Nilsson <andrnils@gmail.com>
Cc:        Gleb Smirnoff <glebius@FreeBSD.org>, Darren Pilgrim <list_freebsd@bluerosetech.com>, Current FreeBSD <freebsd-current@freebsd.org>, Mailinglists FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID:  <8E7D9358-29BA-48F9-9067-1BBA48470673@FreeBSD.org>
In-Reply-To: <CAPS9%2BSt%2B2Q01SNWcP9sMja3hUnFNenUE11S5cHMeueC-9wSn1g@mail.gmail.com>
References:  <53C706C9.6090506@com.jkkn.dk> <20140718110645.GN87212@FreeBSD.org> <53C9DAA1.4020006@bluerosetech.com> <CAPS9%2BSt%2B2Q01SNWcP9sMja3hUnFNenUE11S5cHMeueC-9wSn1g@mail.gmail.com>


On Jul 19, 2014, at 3:35, Andreas Nilsson <andrnils@gmail.com> wrote:

> On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <list_freebsd@bluerosetech.com> wrote:
>
>> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
>>
>>> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
>>> K> following OpenBSD's pf the past? - should it be?
>>>
>>> Following OpenBSD on features would be cool, but no bulk imports
>>> would be made again. Bulk imports produce bad quality of port,
>>> and also pf in OpenBSD has no multi thread support.
>>>
>>
>> I would much rather have a slower pf that actually supports modern
>> networking than a faster one I can't use due to showstopper flaws and
>> missing features.
>>
>
> So would I. Not that we use pf, but anyway.
>
>>
>> There is currently no viable firewall module for FreeBSD if you want to do
>> things like route IPv6.
>
>
> Isn't that possible with ipfw?
>
> Perhaps the pf guys in OpenBSD could be convinced to start openpf and have
> porting layer as in openzfs.
>

I do not know ipfw IPv6 limitations, but the Wikipedia article says:

* IPv6 support (with several limitations)


Choice is nice, but I would like to see the project promote one firewall to users. My coworkers long ago jumped ship from ipfw to pf and I know regret that decision due to the IPv6 bugs. At this point it's too hard to migrate all the servers off of pf.


