Future of pf in FreeBSD ? - does it have one ?

Kristian K. Nielsen freebsd at com.jkkn.dk
Tue Jul 8 22:32:39 UTC 2014


Hi all,

I am a happy user of the pf-firewall module and have been for years and 
think it is really great but lately it's getting a bit dusty.

The last few years, however, it seems that pf in FreeBSD got a long way 
away from pf in OpenBSD where it originated and I am also continually 
watching where FreeBSD goes with ipfilter (ipf) and ipfw (dead?).

So I am curious if anyone on the mailing list could elaborate about what the 
future of pf in FreeBSD is.

a) First of all - is anyone actively developing pf in FreeBSD?

b) We are a major release away from OpenBSD (5.6 coming soon) - is 
following OpenBSD's pf the past?

c) We never got the new syntax from OpenBSD 4.7's pf - is that still 
blocking us?

d) Anyone working on bringing FreeBSD up to 5.6?

e) OpenBSD is retiring ALTQ entirely - any thoughts on that?
http://undeadly.org/cgi?action=article&sid=20140419151959

f) IPv6 support? It seems to be more and more challenged in the current 
version of pf in FreeBSD and I am (as well as others) introducing more 
and more IPv6 in networks.
E.g. Bugs #179392, #172648, #130381, #127920 and more seriously #124933, 
which is the bug on not handling IPv6 fragments which has been open 
since 2008 and where the workaround is the necessity to leave an open hole 
in your firewall ruleset to allow all fragments. According to a comment in 
the bug, this has been long gone in OpenBSD.

Hope to hear from you all,

Best regards,

Kristian Kræmmer Nielsen,
Odense, Denmark



More information about the freebsd-pf mailing list