Date: Wed, 17 Dec 2014 22:54:57 -0300
From: Mario Lobo <lobo@bsd.com.br>
To: freebsd-pf@freebsd.org
Subject: Re: Alternative to pf?
Message-ID: <20141217225457.64c16404@Papi>
In-Reply-To: <7be936232e96ae10d9734598014fd9d5@pyret.net>
References: <7be936232e96ae10d9734598014fd9d5@pyret.net>

On Thu, 18 Dec 2014 00:43:59 +0100
Daniel Engberg <daniel.engberg.lists@pyret.net> wrote:

> Hi,
>
> During the year there have been several discussions regarding the
> state of pf in FreeBSD. In most cases it seems to boil down to that
> it's too hard/time-consuming to bring upstream patches from OpenBSD
> to FreeBSD. As it's been mentioned Apple seems to update pf somewhat
> (copyright is changed to 2013 at least) and file size differs between
> OS X releases but I wasn't able to find any commit logs.
>
> That said, NetBSD have something similar to pf in syntax called npf
> which seems actively maintained and the author seems open to the idea
> of porting it to FreeBSD.
> http://www.netbsd.org/~rmind/pub/npf_asiabsdcon_2014.pdf - Page 24
> However I'm not certain that it surpasses our current pf in terms of
> functionality in all cases (apart from the firewalling ALTQ comes to
> mind etc).
> Perhaps this might be worth looking into and in the end drop pf due
> to the reasons above?
>
> That said, don't forget all the work that has gone into getting pf
> where it is today.
> While I'm at it, does anyone else than me use ALTQ? While it's not
> multithreaded I find it a very good "tool" and it does shaping really
> well.
>
> Best regards,
> Daniel

I think that just pf and ipfw would be more than "enough" for FBSD.

I have used both but I'm more comfortable with pf's configuration than
with ipfw. I have even tested ipfw filtering together with pf altq.

I totally rely on pf's ALTQ at production simply because it works
perfectly, no matter how complex the setup. Been using it for years now.

From what I have read, there are quite a few changes in OpenBSD pf,
especially as far as syntax is concerned.

I'm just a user so I can only imagine the hard work involved in porting
it but, running the risk of making a lame comment, I would be completely
satisfied if only 2 things could be implemented: SMP and fix the ALTQ
limitation "bug". For everything else, I wouldn't change a thing.

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winblows FREE)

"UNIX was not designed to stop you from doing stupid things,
because that would also stop you from doing clever things."