tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Removing PF
Hello,
If you ignore the feature comparison with npf and you are and avid PF on
NetBSD fan, you should be concerned with the following:
On 29/03/2019 20:26, Maxime Villard wrote:
> Currently, NetBSD's PF is 11 years old, has received no maintenance,
> and has accumulated bugs and vulnerabilities that were fixed upstream
> but not in NetBSD. The latest examples are two vulnerabilities
> recently discovered in PF, that haven't been fixed in NetBSD's PF by
> lack of interest.
Your firewall of choice in NetBSD (PF) is lacking many bug fixes which
need to be integrated either by back porting or importing an up to date
version of pf.
It is irresponsible to ship an insecure firewall with known issues and
an added burden to the security team.
To address the security issues requires paying off a huge amount of
technical debt in the form of bringing things up to date with upstream
version of PF or analysing and back porting changes.
Should NetBSD-9 ship with a version of PF with known security issues?
Is anyone willing to step forward and take on the work?
Sevan
Home |
Main Index |
Thread Index |
Old Index