Future of pf / firewall in FreeBSD ? - does it have one ?

Franco Fichtner franco at lastsummer.de
Mon Jul 21 21:48:57 UTC 2014

Hi Julian,

On 21 Jul 2014, at 05:15, Julian Elischer <julian at freebsd.org> wrote:

> Most people I talk to just use ipfw and couldn't care whether pf lives or dies.  They have simple requirements and almost any filter would suffice.  I haven't found anything I'd want to use pf for that ipfw doesn't allow me to do. There are things pf does that ipfw doesn't... I just never want them..

this is quite insightful.  The gist of this discussion and the apparent
lack of upgrades to pf(4) seem to indicate that:

(a) other packet filters do the required jobs equally or better
    or performance doesn't matter at all.

(b) for more progressive setups and requirements, FreeBSD servers
    may as well be complemented with commercial firewalls, hand-rolled
    or non-FreeBSD solutions

Is that somewhat accurate, or is there more to the story?


More information about the freebsd-questions mailing list