Re: NPF and PF

To: tech-net%NetBSD.org@localhost
Subject: Re: NPF and PF
From: Hauke Fath <hauke%Espresso.Rhein-Neckar.DE@localhost>
Date: Wed, 16 Dec 2020 16:07:54 +0100

On Wed, 16 Dec 2020 13:26:12 +0100, Joerg Sonnenberger wrote:
> On Tue, Dec 15, 2020 at 10:40:46PM -0600, Hector wrote:
>> My use cases depend on PF.  NPF is incapable of doing some things which
>> I currently do with PF.  If there are any plans or thoughts to remove PF
>> from NetBSD, I would be greatly concerned. In fact, I would like to see
>> PF be maintained so it is not considered "obsolete". I might be able
>> to work on this, if I were given some guidance.
> 
> I think you are severely underestimating the amount of work updating PF
> involves. Yes, there are known shortcomings in NPF, but changes are
> extremely high that fixing them is at least an order of magnitude less
> work. That's not even including the work of keeping it up-to-date.

FreeBSD has forked pf a while back, and made it smp capable. I have 
converted three NetBSD 7 routers @work to FreeBSD three years ago, and 
they have been performant and stable ever since. If you need the 
feature set of pf, but cannot stomach its creators, that would be the 
way to go.

IMHO, the NetBSD packet filter supports SOHO installations at best; 
anything else is misleading.

Cheerio,
Hauke

-- 
Hauke Fath                        <hauke%Espresso.Rhein-Neckar.DE@localhost>
Grabengasse 57
64372 Ober-Ramstadt
Germany

Follow-Ups:
- Re: NPF and PF
  - From: Manuel Bouyer
- Re: NPF and PF
  - From: Joerg Sonnenberger

References:
- NPF and PF
  - From: Hector
- Re: NPF and PF
  - From: Joerg Sonnenberger

Prev by Date: Re: NPF and PF
Next by Date: Re: NPF and PF
Previous by Thread: Re: NPF and PF
Next by Thread: Re: NPF and PF
Indexes:

Home | Main Index | Thread Index | Old Index