On Sun, Feb 20, 2011 at 4:16 PM, jhell <jh...@dataix.net> wrote:
>
> On Sun, 20 Feb 2011 13:27, eirnym@ wrote:
>>
>> On 20 February 2011 06:50, jhell <jh...@dataix.net> wrote:
>>>
>>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote:
>>>>
>>>> I heard while ago about packet filter update coming, but there're no
>>>> news about. Which status of this update?
>>>>
>>>
>>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in
>>> the archives for HEAD.
>>>
>>
>> Differences between pf45 and pf47 are more smaller than between pf45
>> and current pf.
>>
>> I've found them, but there no status about. Should I ask same question
>> in freebsd-current@ mail list?
>>
>
> Difference being that after pf45 there was a syntax change that is nearly
> incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was
> voted as the most likely to be merged into HEAD.
>
> There is an email from Theo @openbsd.org about the syntactic changes that
> have made people a little jumpy at adopting pf > 45 but eventually it will
> work its way in.
>
> What advantages to using pf47 over using pf45 have you found in ``real use''
> ? and how realistic are those changes for the masses ?

The firewall (FreeBSD 7.3) that I manage at work currently contains 36 nat/rdr rules and 39 filter rules. It's responsible for passing traffic between 4 different networks. After reading the OpenBSD pf FAQ, the biggest advantage that I see of pf47+ is the ability to combine related filter/nat/rdr rules, making the entire ruleset easier to maintain.

Personally, I would love to see the latest version of pf make it into FreeBSD 9 or even one of the 8.x releases. Compatibility with existing syntax is not as important to me as the ability to simplify my set of rules.

- Max
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"