Date:      Wed, 17 Dec 2014 22:54:57 -0300
From:      Mario Lobo <lobo@bsd.com.br>
To:        freebsd-pf@freebsd.org
Subject:   Re: Alternative to pf?
Message-ID:  <20141217225457.64c16404@Papi>
In-Reply-To: <7be936232e96ae10d9734598014fd9d5@pyret.net>
References:  <7be936232e96ae10d9734598014fd9d5@pyret.net>


On Thu, 18 Dec 2014 00:43:59 +0100
Daniel Engberg <daniel.engberg.lists@pyret.net> wrote:

> Hi,
> 
> During the year there have been several discussions regarding the
> state of pf in FreeBSD. In most cases it seems to boil down to that
> it's too hard/time-consuming to bring upstream patches from OpenBSD
> to FreeBSD. As it's been mentioned Apple seems to update pf somewhat
> (copyright is changed to 2013 at least) and file size differs between
> OS X releases but I wasn't able to find any commit logs.
> 
> That said, NetBSD have something similar to pf in syntax called npf 
> which seems actively maintained and the author seems open to the idea
> of porting it to FreeBSD.
> http://www.netbsd.org/~rmind/pub/npf_asiabsdcon_2014.pdf - Page 24
> However I'm not certain that it surpasses our current pf in terms of 
> functionality in all cases (apart from the firewalling ALTQ comes to 
> mind etc).
> Perhaps this might be worth looking into and in the end drop pf due
> to the reasons above?
> 
> That said, don't forget all the work that has gone into getting pf
> where it is today.
> While I'm at it, does anyone other than me use ALTQ? While it's not
> multithreaded I find it a very good "tool" and it does shaping really
> well.
> 
> Best regards,
> Daniel


I think that just pf and ipfw would be more than "enough" for FBSD. I
have used both but I'm more comfortable with pf's configuration than
with ipfw. I have even tested ipfw filtering together with pf altq. I
totally rely on pf's ALTQ in production simply because it works
perfectly, no matter how complex the setup. Been using it for years now.

From what I have read, there are quite a few changes in OpenBSD pf,
especially as far as syntax is concerned. I'm just a user so I can only
imagine the hard work involved in porting it but, running the risk of
making a lame comment, I would be completely satisfied if only 2 things
could be implemented: SMP and fix the ALTQ limitation "bug".

For everything else, I wouldn't change a thing.
-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio.... YET!!] (99% winblows FREE)
 
"UNIX was not designed to stop you from doing stupid things, 
because that would also stop you from doing clever things."


