Re: kern/50809: pf panics while purging state (Christos Zoulas) wrote:
   > If we are not going to maintain them or spend cycles trying to fix the
   > bugs people report, we should get people to use npf which we actively
   > maintain. For that we need to get npf to have feature parity with the
   > other packet filters. Hauke can you try switching in this case?

   I have not had enough time recently to work on the feature parity,
   but I am more than happy to spread the knowledge on the
   NPF internals and help with the work.  I also have some unfinished
   patches which add features; they need some mechanical completion
   and just testing really.


I probably use IPF in a somewhat unusual manner, but the only reason I
don't use NPF is the seeming lack of BRIDGE_IPF.  I have placed an IPF
filter in between me and the Internet with another system lower down doing
NAT, and internal routing and more firewalling.  I actually have a small
set of fully routable IPs that live on systems and would rather not do NAT
on the edge if I can help it, nor would I like to maintain firewall sets
on these systems for those things I would like to prevent from leaving or
prevent from entering the edge network.

