> However, I must say I'm still a bit confused by this answer (and the others > I've seen). Do you understand that PF is a clear security risk for your > system?
Yes, I see you keep agreeing that NetBSD has no safely working packet filter. We are patiently waiting for one. Since NetBSD v1.2 in my case. If we all aborted support for an OS because there were clear security risks, there wouldn't be any "free" OS development. If I had a clue about packet filter development, I would gladly try to help. My forte was scientific computing. Not much use for that since I retired. :^)
