Date: Fri, 21 Jun 2013 21:44:56 -0500 From: Chris Buechler <cbuechler@gmail.com> To: Stan Gammons <s_gammons@charter.net> Cc: freebsd-pf@freebsd.org Subject: Re: PF bugs Message-ID: <CAOmxWMXfKyr5gjQUpqqraTVaLJ3XOFNK7P040FPOCSaMGigXdA@mail.gmail.com> In-Reply-To: <1371865788.22524.9.camel@localhost> References: <1371865788.22524.9.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 21, 2013 at 8:49 PM, Stan Gammons <s_gammons@charter.net> wrote: > I see there are several PF bugs and wondered if it's because PF isn't > maintained on FreeBSD? Perhaps that's the case given the version > differences versus PF on OpenBSD. pf is actively developed and maintained on FreeBSD, and widely used. The PRs that are open are largely ages old, no longer relevant and need to be cleaned up, or were bunk to begin with. There aren't really that many open either considering, every component of any widely used OS has open bugs. That's not indicative of anything in itself generally. FreeBSD+pf is the base of a significant number of firewalls, 180,000+ known live systems on pfSense alone (though that's not quite stock FreeBSD pf, it's close), and many others. > If not, is Ipfilter the "preferred" > firewall on FreeBSD? No, ipfilter may well go away in 10, it's not currently maintained. > Or is IPFW? Most people use pf or ipfw. The majority of network firewall use cases, or at least all of them that require enterprise class features like state synchronization for HA, use pf. ipfw is likely more common as a host firewall on servers, from what I've seen at least. > I like PF, but reporting utilities > for it, compared to ipfilter and even iptables on Linux, leave a bit to > be desired. > In what regard? What are you looking for that doesn't exist?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOmxWMXfKyr5gjQUpqqraTVaLJ3XOFNK7P040FPOCSaMGigXdA>