Date: Mon, 21 Jul 2014 23:48:49 +0200 From: Franco Fichtner <franco@lastsummer.de> To: Julian Elischer <julian@freebsd.org> Cc: "Kristian K. Nielsen" <freebsd@com.jkkn.dk>, freebsd-current@freebsd.org, Darren Pilgrim <list_freebsd@bluerosetech.com>, freebsd-questions@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <C3581EF3-1F64-4568-8115-3418703ABD00@lastsummer.de> In-Reply-To: <53CC85E2.1030606@freebsd.org> References: <53C706C9.6090506@com.jkkn.dk> <6326AB9D-C19A-434B-9681-380486C037E2@lastsummer.de> <53CB4736.90809@bluerosetech.com> <53CC85E2.1030606@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Julian,
On 21 Jul 2014, at 05:15, Julian Elischer <julian@freebsd.org> wrote:
> Most people I talk to just use ipfw and couldn't care whether pf lives =
or dies. They have simple requirements and almost any filter would =
suffice. I haven't found anything I'd want to use pf for that ipfw =
doesn't allow me to do. There are things pf does that ipfw doesn't... I =
just never want them..
this is quite insightful. The gist of this discussion and the apparent
lack of upgrades to pf(4) seem to indicate that:
(a) other packet filters do the required jobs equally or better
or performance doesn't matter at all.
(b) for more progressive setups and requirements, FreeBSD servers
may as well be complemented with commercial firewalls, hand-rolled
or non-FreeBSD solutions
Is that somewhat accurate, or is there more to the story?
Cheers,
Franco=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C3581EF3-1F64-4568-8115-3418703ABD00>