PF bugs

Chris Buechler cbuechler at gmail.com
Sat Jun 22 02:45:21 UTC 2013


On Fri, Jun 21, 2013 at 8:49 PM, Stan Gammons <s_gammons at charter.net> wrote:
> I see there are several PF bugs and wondered if it's because PF isn't
> maintained on FreeBSD? Perhaps that's the case given the version
> differences versus PF on OpenBSD.

pf is actively developed and maintained on FreeBSD, and widely used.
The PRs that are open are largely ages old, no longer relevant and
need to be cleaned up, or were bunk to begin with. There aren't really
that many open either, considering every component of any widely used
OS has open bugs. That's not indicative of anything in itself
generally. FreeBSD+pf is the base of a significant number of
firewalls, 180,000+ known live systems on pfSense alone (though that's
not quite stock FreeBSD pf, it's close), and many others.


> If not, is Ipfilter the "preferred"
> firewall on FreeBSD?

No, ipfilter may well go away in 10, it's not currently maintained.


> Or is IPFW?

Most people use pf or ipfw. The majority of network firewall use
cases, or at least all of them that require enterprise-class features
like state synchronization for HA, use pf. ipfw is likely more common
as a host firewall on servers, from what I've seen at least.


> I like PF, but reporting utilities
> for it, compared to ipfilter and even iptables on Linux, leave a bit to
> be desired.
>

In what regard? What are you looking for that doesn't exist?

