pf and keep/modulate state on 6.2

JD Bronson jbronson at
Sat Jul 21 13:20:18 UTC 2007

At 02:08 PM 7/21/2007 +0100, RW wrote:
>On Sat, 21 Jul 2007 07:29:53 -0500
>JD Bronson <jbronson at> wrote:
> > Thanks for the update on this. I had forgotten about it since I just
> > stopped using modulate state (is it really needed anymore?).
> >
> > Then, the beginning of this month I moved my firewall/router back
> > over to OpenBSD 4.1 to stay more current with pf instead of running
> > -CURRENT within FreeBSD.
> >
> > This fix really should be incorporated into 6.2-STABLE or even
> > 6.2-STANDARD I think. I wonder how many people use this and don't
> > even know it's messed up?
>I think it depends what percentage of people see connections actually
>petering-out to nothing, like I did, rather than just slowing down.
>What I'm wondering is how many more serious bugs have been fixed in
>OpenBSD, but not ported. As well as modulate state, I also stopped
>using hfsc because ping-times sometimes just seem to jump-up to several
>seconds and stay there.

I never understood why FreeBSD can't keep up to date with OpenBSD at
least in regards to pf... that's the #1 reason I don't use FreeBSD as a
firewall anymore.

If they kept up to date, FreeBSD would rock. I always get much better
performance than with OpenBSD... but with OpenBSD, I get stability and
current versions of pf and the features therein, that I am after....

NetBSD is MUCH worse... I tried to use some pf commands and got errors
only to find out that these features are not in the pf that ships
with 3.0.1 NetBSD.

I was very surprised... gee, how the heck OLD is pf in NetBSD 3.0.1 ?!!?

Maybe whoever supports/ports pf into FreeBSD will read this and
either respond with reasons as to why FreeBSD can't be closer in sync
with pf from OpenBSD or at least update it more often.

