> On Dec 17, 2014, at 7:54 PM, Mario Lobo <l...@bsd.com.br> wrote:
>
> On Thu, 18 Dec 2014 00:43:59 +0100
> Daniel Engberg <daniel.engberg.li...@pyret.net> wrote:
>
>> Hi,
>>
>> During the year there has been several discussions regarding the
>> state of pf in FreeBSD. In most cases it seems to boil down to that
>> it's too hard/time-consuming to bring upstream patches from OpenBSD
>> to FreeBSD. As it's been mentioned Apple seems to update pf somewhat
>> (copyright is changed to 2013 at least) and file size differs between
>> OS X releases but I wasn't able to find any commit logs.
>>
>> That said, NetBSD have something similar to pf in syntax called npf
>> which seems actively maintained and the author seems open to the idea
>> of porting it to FreeBSD.
>> http://www.netbsd.org/~rmind/pub/npf_asiabsdcon_2014.pdf - Page 24
>> However I'm not certain that it surpasses our current pf in terms of
>> functionality in all cases (apart from the firewalling ALTQ comes to
>> mind etc).
>> Perhaps this might be worth looking into and in the end drop pf due
>> to the reasons above?
>>
>> That said, don't forget all the work that has gone into getting pf
>> where it is today.
>> While I'm at it, does anyone else than me use ALTQ? While it's not
>> multithreaded I find a very good "tool" and it does shaping really
>> well.
>>
>> Best regards,
>> Daniel
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
>
>
> I think that just pf and ipfw would be more than "enough" for FBSD. I
> have used both but I'm more comfortable with pf's configuration than
> with ipfw. I have even tested ipfw filtering together with pf altq. I
> totally rely on pf's ALTQ at production simply because it works
> perfectly, no matter how complex the setup. Been using it for years now.

Even with the SMP in 10, pf is as slow as molasses in January, and 10G interfaces are a thing now. (Someone is sure to cry, “but I can fill a 10G interface in front of pf!”. Yes, with max-sized packets. Try it with 256 byte (or 64 byte) packets. Yup.) Moreover, pf has fundamental limitations (last match).

> From what I have read, there are quite a few changes in openbsd pf,
> specially as far as syntax is concerned. I'm just a user so I can only
> imagine the hard work involved in porting it but running the risk of
> making a lame comment, I would be completely satisfied if only 2 things
> could be implemented: SMP and fix the ALTQ limitation "bug".

FreeBSD already has SMP, and I don’t know what you might be referring to as “ALTQ limitation ‘bug’”. Are you saying you’d be “completely satisfied” if you had SMP support with OpenBSD or a port of OpenBSD’s pf to FreeBSD, or something else?