Future of pf / firewall in FreeBSD ? - does it have one ?

Mark Felder feld at freebsd.org
Sat Jul 19 13:50:21 UTC 2014


On Jul 19, 2014, at 3:35, Andreas Nilsson <andrnils at gmail.com> wrote:

> On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <
> list_freebsd at bluerosetech.com> wrote:
> 
>> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
>> 
>>> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
>>> K> following OpenBSD's pf the past? - should it be?
>>> 
>>> Following OpenBSD on features would be cool, but no bulk imports
>>> would be made again. Bulk imports produce a bad-quality port,
>>> and also pf in OpenBSD has no multi-thread support.
>>> 
>> 
>> I would much rather have a slower pf that actually supports modern
>> networking than a faster one I can't use due to showstopper flaws and
>> missing features.
>> 
> 
> So would I. Not that we use pf, but anyway.
> 
>> 
>> There is currently no viable firewall module for FreeBSD if you want to do
>> things like route IPv6.
> 
> 
> Isn't that possible with ipfw?
> 
> Perhaps the pf guys in OpenBSD could be convinced to start openpf and have
> a porting layer as in openzfs.
> 

I do not know ipfw IPv6 limitations, but the Wikipedia article says:

* IPv6 support (with several limitations)


Choice is nice, but I would like to see the project promote one firewall to users. My coworkers long ago jumped ship from ipfw to pf and I now regret that decision due to the IPv6 bugs. At this point it's too hard to migrate all the servers off of pf.


More information about the freebsd-questions mailing list