Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 21 Jan 2004 17:38:36 +0100
From:      Max Laier <max@love2party.net>
To:        Art Mason <amason@rackspace.com>, "Freebsd-Net@Freebsd. Org" <freebsd-net@freebsd.org>
Subject:   Re: [Freebsd-net] PF installation on 5.2-RELEASE
Message-ID:  <200401211738.36532.max@love2party.net>
In-Reply-To: <1074700702.32768.14.camel@mizar.rackspace.com>
References:  <20040121152028.275D52B4D82@redqueen.elvandar.org> <1074700702.32768.14.camel@mizar.rackspace.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wednesday 21 January 2004 16:58, Art Mason wrote:
> Yes, indeed, many thanks for the quick response.  I had read through
> the makefile, but wasn't sure if there were any additional settings
> that I should take into consideration.  On that note, does anyone have
> any experience running PF under 5.2-RELEASE in a production
> environment, especially in conjunction w/ ALTQ?  I'm just curious,
> because I've really taken a liking to PF under OpenBSD and really like
> the ALTQ integration, especially in regards to upstream traffic
> shaping.  Does anyone have any experience with such implementations
> under 5.2-RELEASE.
>

If you will use pf on a dail-up line, which gets a dynamic IP via dhcp or 
similar means, or if you are _very_ concerned about secuirty, you might 
want to take a look at the "patches" directory 
(cd /usr/ports/security/pf; make patch; cd work/pf_freebsd_2.02/patches/; 
less README) to learn about additonal tweaks ("(if_name)" syntax, and bpf 
security).

pf alone has proven stable on a large number of FreeBSD installations 
(SMP, UP, 64bit ...) among them very busy sites. ALTQ lacks real-life 
tests for some of the "supported" NICs (as none of the ALTQ patchset 
developers has access to a big testlab). fxp, rl, tun and dc are well 
tested (by either Adrian, Pyun or myself) ... if you have another card 
reports are _very_ welcome! Just write a mail and we will spam you with 
patchsets until it works ;)

-- 
Best regards,				| max@love2party.net
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier@EFnet

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200401211738.36532.max>