tech-kern archive


Re: Removing PF



Hello,
If you ignore the feature comparison with npf and you are an avid PF on
NetBSD fan, you should be concerned with the following:

On 29/03/2019 20:26, Maxime Villard wrote:
> Currently, NetBSD's PF is 11 years old, has received no maintenance,
> and has accumulated bugs and vulnerabilities that were fixed upstream
> but not in NetBSD. The latest examples are two vulnerabilities
> recently discovered in PF, that haven't been fixed in NetBSD's PF by
> lack of interest.
Your firewall of choice in NetBSD (PF) is lacking many bug fixes which
need to be integrated either by backporting or by importing an up-to-date
version of pf.
It is irresponsible to ship an insecure firewall with known issues, and
an added burden to the security team.

Addressing the security issues requires paying off a huge amount of
technical debt, in the form of bringing things up to date with the upstream
version of PF or analysing and backporting changes.

Should NetBSD-9 ship with a version of PF with known security issues?

Is anyone willing to step forward and take on the work?

Sevan

