From owner-freebsd-pf@FreeBSD.ORG  Mon Sep 20 21:06:25 2004
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 84BBB16A4CE
	for <freebsd-pf@freebsd.org>; Mon, 20 Sep 2004 21:06:25 +0000 (GMT)
Received: from mail3.speakeasy.net (mail3.speakeasy.net [216.254.0.203])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 51DC343D2F
	for <freebsd-pf@freebsd.org>; Mon, 20 Sep 2004 21:06:25 +0000 (GMT)
	(envelope-from freebsd-pf.20.openmacnews@spamgourmet.com)
Received: (qmail 321 invoked from network); 20 Sep 2004 21:06:25 -0000
Received: from ns1.presence-group.net (HELO [172.30.11.6])
	(blakers@[216.27.177.134])
	<freebsd-pf.20.openmacnews@spamgourmet.com>)encrypted SMTP
	for <freebsd-pf@freebsd.org>; 20 Sep 2004 21:06:24 -0000
Date: Mon, 20 Sep 2004 14:06:22 -0700
From: OpenMacNews <freebsd-pf.20.openmacnews@spamgourmet.com>
To: freebsd-pf <freebsd-pf@freebsd.org>
Message-ID: <3115A3AD0B2015CD92858115@[172.30.11.6]>
X-Mailer: Mulberry/3.1.6 (Mac OS X)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Subject: does (can?) freebsd-pf 'support' OSX?
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: OpenMacNews <freebsd-pf.20.openmacnews@spamgourmet.com>
List-Id: Technical discussion and general questions about packet filter (pf)
	<freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Sep 2004 21:06:25 -0000

hi all,

i've a couple of old macs i'd like to turn into useful gateway/firewall boxes.

they're running MacOSX 10.3.5 just fine.

but, with OSX, i'm stuck with ipfw -- v1, no less!

if my goal is a decent firewall, i understand my options to be pf & iptables.

to get to either, i can, of course, fight to get the openbsd, netbsd, freebsd, YelloDogLinux and/or Debian ports running on the box ... but given the h/w upgrades i have (ATA card, CPU upgrade) it doesn't look good.

soooooo, my QUESTION to y'all:

as OSX "shares" underpinnings with FreeBSD -- some go so far as to say "built on", but i get lost in the Mach vs FreeBSD core discussions -- I'm wondering if it's (a) currently possible, or (b) what would it take to get the freebsd-pf port up/running on OSX?

is is a forgone conclusion that pf is/must be built in to the kernel?  or can it be built as an extension to OSX?

i simply am too green to know/understand the answer at this point, and would appreciate any/all pointers/comments/etc.  =)

fwiw, i've raised this issue on the Darwin kernel & developer lists a number of times over the past months-n-years to no avail ...

the best i ever got was a "we're looking at firewalls" from someone, and the leaning, at that time, was towards ipfw2.

bottom line?  how can i get pf running on OSX?

cheers,

richard