Date:      Thu, 18 Dec 2014 00:16:57 +0000
From:      Christopher Petrik <chris@bsdjunk.com>
To:        freebsd-pf@freebsd.org
Subject:   Re: Alternative to pf?
Message-ID:  <20141218001656.GA18291@bsdjunk.com>
In-Reply-To: <7be936232e96ae10d9734598014fd9d5@pyret.net>
References:  <7be936232e96ae10d9734598014fd9d5@pyret.net>

On Thu, Dec 18, 2014 at 12:43:59AM +0100, Daniel Engberg wrote:
> Hi,
> 
> During the year there have been several discussions regarding the state of pf
> in FreeBSD. In most cases it seems to boil down to that it's too
> hard/time-consuming to bring upstream patches from OpenBSD to FreeBSD. As
> it's been mentioned Apple seems to update pf somewhat (copyright is changed
> to 2013 at least) and file size differs between OS X releases but I wasn't
> able to find any commit logs.
> 
> That said, NetBSD have something similar to pf in syntax called npf which
> seems actively maintained and the author seems open to the idea of porting
> it to FreeBSD.
> http://www.netbsd.org/~rmind/pub/npf_asiabsdcon_2014.pdf - Page 24
> However I'm not certain that it surpasses our current pf in terms of
> functionality in all cases (apart from the firewalling ALTQ comes to mind
> etc).
> Perhaps this might be worth looking into and in the end drop pf due to the
> reasons above?
> 
> That said, don't forget all the work that has gone into getting pf where it
> is today.
> While I'm at it, does anyone else than me use ALTQ? While it's not
> multithreaded I find it a very good "tool" and it does shaping really well.
> 
> Best regards,
> Daniel
Hi,
I think the real question is, "Do we really need so many firewall suites
in FreeBSD?" We have ipfw, ipf, pf. I think the solution would be to port
npf, as its basis is to be portable. I use it and it takes some getting
used to, but it looks promising. But then this creates a 4th suite to add
into FreeBSD?

Chris
-- 
In Tennessee, it is illegal to shoot any game other than whales from a
moving automobile.
Mutt Version: 1.5.23
OS Version: NetBSD 6.1.5
Hostname: netbsd.bsdjunk.com



