Re: update pf

To: tech-net%netbsd.org@localhost
Subject: Re: update pf
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Sun, 4 Dec 2016 23:42:50 +0100

On Sun, Dec 04, 2016 at 11:26:34PM +0100, Egerváry Gergely wrote:
> > OpenBSD's PF is not maintainable. It got more and more tentacles into
> > the rest of the OpenBSD network stack. So yes, effectively I think NPF
> > is the only viable option midterm.
> 
> Bad news. PF is a great design and it's quite multiplatform. It is in
> Solaris 11.3, Mac OS X 10.7, FreeBSD and DragonFly, pfSense (= FreeBSD)
> and probably others. (FreeBSD port is outdated, too)

Have you ported it to any of those systems? I can assure you, it is
*not* designed to be integrated with other systems. Trying to keep
up with the OpenBSD changes is a significant amount of work. I don't
know how many developers are paid by Oracle or Apple for it, but for a
volunteering project it is not that easy.

> NPF is missing TPROXY / divert sockets functionality.

Missing functionality in NPF is a different topic.

Joerg

References:
- update pf
  - From: Egerváry Gergely
- Re: update pf
  - From: Joerg Sonnenberger
- Re: update pf
  - From: Egerváry Gergely
- Re: update pf
  - From: Joerg Sonnenberger
- Re: update pf
  - From: Egerváry Gergely

Prev by Date: Re: update pf
Next by Date: Re: Deferred if_start
Previous by Thread: Re: update pf
Next by Thread: Re: update pf
Indexes:

Home | Main Index | Thread Index | Old Index