On 2019/04/01 07:01, Claudio Jeker wrote: > There have been internal discussions about OpenBSD also removing the pf > packet filter after the upcoming 6.5 release. Instead a switch to > using David Gwynne's new bpf filter will happen. > The benefits outweigh the drawbacks and the missing features will be > readily implemented in time for the 6.6 release.
I think FTP might be a bit of a problem here. It is clearly problematic with firewalls and CGN; who do we talk to about getting RFC959 obsoleted? In the meantime we could have an awk script parsing tcpdump output and reactively updating the bpf filter.
