pf(4) status in 7.0-R

Hugo Silva hugo at
Fri Jun 1 14:09:47 UTC 2007

LI Xin wrote:
> Stanislaw Halik wrote:
>> Heya,
>> Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
>> stuff in it, including expiretable functionality, which would come in
>> handy.
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some infrastructural
> changes to our routing code, which could be risky so we wanted to avoid
> it at this stage (about 15 days before RELENG_7 code freeze).  On the
> other hand, some functionality (like the expiretable feature) does not
> seem to touch a large part of kernel and might be appropriate
> RELENG_7(_0) candidate.
> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?
> BTW.  Patches are always welcome, as usual :-)  So don't hesitate to
> submit if you already did some work.
> Cheers,

pflog(4) is clonable
After creating additional pflog interfaces (using ifconfig), rules can 
specify which pflog interface to use: "pass out log to pflog1 on $ext_if 
to port smtp". This will log traffic sent to SMTP servers to a different 
log interface than the default. pflogd(8) and spamlogd(8) (spamlogd -l 
pflog1) can now be told which pflog interface to work with.

is the most interesting for my usual workloads :)

Best regards,


More information about the freebsd-current mailing list