From: Jerry
To: freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Date: Thu, 31 Jul 2014 08:42:04 -0400
Message-ID: <20140731084204.70f54672@scorpio>
In-Reply-To: <53DA304E.6020105@herveybayaustralia.com.au>

On Thu, 31 Jul 2014 22:02:22 +1000, Da Rock stated:

>Without diminishing your efforts so far, what do you think about
>pitching all efforts into IPFW to combine effort and reduce overhead of
>maintaining separate firewalls in the core? Is there an advantage to
>having our own pf?

The advantage is obvious -- you would have total control over the code. The disadvantage is that there is no one else to blame if it goes south.

I use IPFW exclusively. I am by no means an expert, but I have figured out how to get it working without having to read reams of documentation. There are several examples that can be used and boilerplates to be found on the FreeBSD site. I believe that those examples could be updated and perhaps a few others added, but it is certainly a good start.

I have always believed that if you are not going to do something right, then don't do it at all. Continuing to maintain an application that is not fully functional, and let's face it, "state of the art", is just an example of futility.

There are always going to be those 10% of users who are going to bitch and moan like a group of whiny high school girls. Forget them. They will eventually get on board. Hell, there are morons who would consider this a lèse majesté, as they no doubt did when cities changed from gas lights to electric ones.

The inability or unwillingness to evolve and change leads to extinction.

-- 
Jerry