Hi Mark,

Why not consider NPF from NetBSD, where SMP-friendly firewalling is a given?
I do understand it'll cost lots of work too, but it might be easier than 
making pf SMP friendly.
Then again, making software MPsafe and having it perform very well with SMP are 
two different things.
Considering NPF has been taking this into account from day one, 
performance-wise it might be best to consider NPF.
Please note that I didn't say anything about the quality or functionality of 
pf and npf.
NPF was designed with performance in mind.
Also I did not say anything about the memory usage and their efficiency in that 
field.
I feel I need to point these things out before I unintentionally offend some 
people.
Thanks,

Reinoud.

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Mark Felder
Sent: Monday, March 04, 2013 6:13 AM
To: [email protected]; Robert Simmons
Subject: Re: Firewall Options

On Sun, 03 Mar 2013 17:12:18 -0600, Robert Simmons <[email protected]>
wrote:

> Are there plans to update ipfilter or pf to current versions?
> ipfilter is currently at 5.1.2, but the version in FreeBSD is 4.1.28 
> from 2007.
>
> On the pf side, the version in FreeBSD is 4.5, but the current version 
> I would understand to be 5.2.  The version in FreeBSD is pre-4.7, so 
> much of the syntax in the current documentation is different and does 
> not work in this older version.
>
> Is IPFW the only maintained firewall option, or is there a way to 
> build either of the above as ports?
>

It takes a *lot* of work to re-port packet filters to a different BSD kernel 
and ensure everything works perfectly. We recently received a nice pf version 
bump with the release of 9.0 and it doesn't seem likely we'll see another soon. 
There is an SMP-friendly fork of pf in progress for FreeBSD. It may very well 
turn out that FreeBSD's pf completely diverges from OpenBSD's permanently as 
OpenBSD has no interest in an SMP-friendly pf.

http://lists.freebsd.org/pipermail/freebsd-pf/2012-June/006643.html

As for IPFW -- I honestly don't know. I can't remember the last time there was 
a major update of IPFW for FreeBSD.
_______________________________________________
[email protected] mailing list 
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"