How to find out which version of PF a given box is using...

krad kraduk at gmail.com
Wed Sep 21 08:17:09 UTC 2011 

On 21 September 2011 09:05, Matthew Seaman
<m.seaman at infracaninophile.co.uk>wrote:

> On 21/09/2011 08:34, Matthew Seaman wrote:
> > On 21/09/2011 07:34, Modulok wrote:
> >> Is there an easy way to find out what version of PF a given FreeBSD
> version is
> >> using? Currently I'm doing this:
> >>
> >>     grep -iE '\bpf\b' /usr/src/UPDATING
> >>
> >> Just wondering if I'm missing something. I didn't see any '--version'
> >> flag in pfctl.
> >
> > Uh -- bpf is a different thing to PF.  bpf is Berkeley Packet Filter
> > which isn't anything to do with firewalling, but used eg. by tcpdump to
> > select certain packets from the wire.  As far as I know, bpf doesn't
> > have a separate version number; it just uses the OS version number.
> > It's been part of BSD Unices since dinosaurs roamed the earth.
>
> One of these days I'll learn not to send e-mail before coffee.  Please
> ignore the above -- red herring.
>
> > PF is the firewalling code imported from OpenBSD.  Again, it's part of
> > the base system in OpenBSD so it just uses the OpenBSD version number.
> > Every so often there will be a new import from OpenBSD -- I believe most
> > released versions of FreeBSD are using PF from OpenBSD 4.2, but there is
> > an update to OpenBSD 4.mumble in the works for the upcoming FreeBSD 9.0
> > release.  You'ld have to check the commit history in CVS or SVN to be
> sure.
>
> In fact, the last import listed as such in the CVS history was from
> OpenBSD 4.1 but that was around 2007 when FreeBSD was on version 6.x --
> long time ago.  There's been plenty of updates since (which, IIRC, made
> the FreeBSD code pretty much equivalent to what is in OpenBSD 4.2), but
> no wholesale reimport until about 2 months ago, when OpenBSD 4.5 code
> was imported into head.
>
> http://svnweb.freebsd.org/base?view=revision&revision=223637
>
> AFAIK, that is not a candidate for MFC to stable/8 or earlier, as it
> modifies KBIs.
>
>        Cheers,
>
>        Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>                                                  Flat 3
> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
> JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW
>
>
If its been syncd to openbsd 4.5 version of pf, its still quite a way behind
openbsd's version in the latest release as they are not on 4.9 with 5.0
imminent. Looking at the docs there were quite a lot of changes when openbsd
was bumped to 4.7

More information about the freebsd-questions mailing list