On Thu, Nov 13, 2014 at 02:17:54PM -0500, suraj sandhu wrote:
> Hi all,
>
> I am working on a product which used ipfilter but since ipfilter is not
> supported by the FreeBSD community anymore and doesn't support VNETs, I
> need to make a choice between IPFW and PF.
>
> I know IPFW is supported and works with VIMAGE, can someone here please let
> me know if the PF also works with VIMAGE, specifically in FreeBSD 9?

Can you describe what kind of product you are working on, and your
requirements?

Are you interested in:

(1) Using a system with VIMAGE compiled into the kernel,
    using the packet filter (IPFW, ipfilter, or PF) *not* inside a VNET jail.

(2) Using a system with VIMAGE compiled into the kernel,
    *and* using the packet filter (IPFW, ipfilter, or PF) inside a VNET jail.

My experience on what works in FreeBSD 9 is based on working with
FreeNAS (which is derived from FreeBSD 9):

ipfw: Seems to work with (1) or (2) with least problems, but needs more investigation
pf: Seems to work with (1), but (2) has problems some of which are fixed in FreeBSD 10
ipfilter: crashes on bootup

I committed one fix for ipfilter which is not in FreeBSD 9:
https://lists.freebsd.org/pipermail/svn-src-all/2014-November/095036.html
which addresses (1) but not (2).

--
Craig