Re: Removing PF

[Maxime Villard <max%m00nbsd.net@localhost>]

Le 02/04/2019 à 22:29, Mouse a écrit :
> > > I continue to use pf and not npf because : [...]
> > However, I must say I'm still a bit confused by this answer (and the
> > others I've seen).  Do you understand that PF is a clear security
> > risk for your system?
>
> Is it?  Do you know MLH's systems enough to know whether any of the
> known vulnerabilities are relevant?  I don't.

That's a really simplistic answer; if by any chance he happens to avoid
every vuln found until now then it's fine to use PF? What about the next
one that comes in, will he still be lucky? No one will fix it, and it's
not viable. Or, he could be using PF in an entirely offline network, in
which case it is indeed fine (but that doesn't seem to be his particular
case).

> > If you really want to use PF, I would recommend that you switch to
> > another OS, for your own safety.  PF has no future in NetBSD.
>
> It doesn't?  It seems to me, from the lack of consensus I'm seeing
> here, that that remains to be seen.

We've been seeing it for eleven years, but we can wait another eleven
years in case you still have a doubt about whether anyone wants to work
on PF...