Update to PF from OpenBSD 6.5
Kristof Provost
kp at FreeBSD.org
Tue Aug 20 11:06:33 UTC 2019
On 20 Aug 2019, at 12:32, Goran Mekić wrote:
> On Tue, Aug 20, 2019 at 11:49:18AM +0200, Kristof Provost wrote:
>> One thing I’ve thought of trying, and that might be an interesting stepping
>> stone, is to create a port (/usr/ports/net/opf or whatever) of OpenBSD’s pf.
>> In that version it’d be acceptable to not fix any of the above issues. It’d
>> still give users to option of getting the new syntax. I’d expect this to be
>> a relatively straightforward exercise.
> That would be cool, but only if FreeBSD PF can not be "fixed" to support
> OpenBSD PF syntax.
>
The main issue there is one of compatibility. How happy will our users be if their rulesets suddenly stop working after an upgrade?
Anyway, none if this is on my active todo list. Don’t expect to see it any time soon.
>> In principle there’s nothing to stop us from doing that same work in base,
>> but we’re **NOT** going to import a fourth firewall. We’re just not.
> Are you sure? https://2019.eurobsdcon.org/talk-speakers/#NPF. At least I
> hope the import is pfil based.
>
I don’t know what George’s plans are exactly, but it’s likely that he’s doing the porting work to get an apples-to-apples comparison of firewall performance, not because he wants to maintain another firewall.
Either way, I’m not pushing for another firewall. George gets to own one if he wants to.
Regards,
Kristof
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 549 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-pf/attachments/20190820/35a7e561/attachment.sig>
More information about the freebsd-pf
mailing list