From: Christopher Petrik
To: freebsd-pf@freebsd.org
Date: Thu, 18 Dec 2014 00:16:57 +0000
Subject: Re: Alternative to pf?

On Thu, Dec 18, 2014 at 12:43:59AM +0100, Daniel Engberg wrote:
> Hi,
>
> During the year there have been several discussions regarding the state of pf
> in FreeBSD. In most cases it seems to boil down to that it's too
> hard/time-consuming to bring upstream patches from OpenBSD to FreeBSD. As
> it's been mentioned Apple seems to update pf somewhat (copyright is changed
> to 2013 at least) and file size differs between OS X releases but I wasn't
> able to find any commit logs.
>
> That said, NetBSD have something similar to pf in syntax called npf which
> seems actively maintained and the author seems open to the idea of porting
> it to FreeBSD.
> http://www.netbsd.org/~rmind/pub/npf_asiabsdcon_2014.pdf - Page 24
> However I'm not certain that it surpasses our current pf in terms of
> functionality in all cases (apart from the firewalling ALTQ comes to mind
> etc).
> Perhaps this might be worth looking into and in the end drop pf due to the
> reasons above?
>
> That said, don't forget all the work that has gone into getting pf where it
> is today.
> While I'm at it, does anyone else than me use ALTQ? While it's not
> multithreaded I find it a very good "tool" and it does shaping really well.
>
> Best regards,
> Daniel

Hi,

I think the real question is, "Do we really need so many firewall suites in
FreeBSD?" We have ipfw, ipf, pf. I think the solution would be to port npf, as
its basis is to be portable. I use it and it takes some getting used to, but it
looks promising. But then this creates a 4th suite to add into FreeBSD?

Chris

-- 
In Tennessee, it is illegal to shoot any game other than whales from a
moving automobile.

Mutt Version: 1.5.23
OS Version: NetBSD 6.1.5
Hostname: netbsd.bsdjunk.com