From owner-freebsd-questions@FreeBSD.ORG  Thu Jul 31 13:41:59 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id F3580F50;
 Thu, 31 Jul 2014 13:41:58 +0000 (UTC)
Received: from cell.glebius.int.ru (glebius.int.ru [81.19.69.10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "cell.glebius.int.ru", Issuer "cell.glebius.int.ru" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 74DFE20BB;
 Thu, 31 Jul 2014 13:41:57 +0000 (UTC)
Received: from cell.glebius.int.ru (localhost [127.0.0.1])
 by cell.glebius.int.ru (8.14.9/8.14.9) with ESMTP id s6VDflZ7071560
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Thu, 31 Jul 2014 17:41:47 +0400 (MSK)
 (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
 by cell.glebius.int.ru (8.14.9/8.14.9/Submit) id s6VDflO1071559;
 Thu, 31 Jul 2014 17:41:47 +0400 (MSK)
 (envelope-from glebius@FreeBSD.org)
X-Authentication-Warning: cell.glebius.int.ru: glebius set sender to
 glebius@FreeBSD.org using -f
Date: Thu, 31 Jul 2014 17:41:47 +0400
From: Gleb Smirnoff <glebius@FreeBSD.org>
To: Da Rock <freebsd-questions@herveybayaustralia.com.au>
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <20140731134147.GH2402@glebius.int.ru>
References: <53C706C9.6090506@com.jkkn.dk>
 <6326AB9D-C19A-434B-9681-380486C037E2@lastsummer.de>
 <53CB4736.90809@bluerosetech.com>
 <201407200939020335.0017641F@smtp.24cl.home>
 <788274E2-7D66-45D9-89F6-81E8C2615D14@lastsummer.de>
 <201407201230590265.00B479C4@smtp.24cl.home>
 <20140729103512.GC89995@FreeBSD.org>
 <53DA304E.6020105@herveybayaustralia.com.au>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <53DA304E.6020105@herveybayaustralia.com.au>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: "Mike." <the.lists@mgm51.com>, freebsd-current@freebsd.org,
 freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Jul 2014 13:41:59 -0000

On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
D> Without diminishing your efforts so far, what do you think about 
D> pitching all efforts into IPFW to combine effort and reduce overhead of 
D> maintaining separate firewalls in the core? Is there an advantage to 
D> having our own pf?

Is there any disadvantage keeping it? It is a plugin. It is optional
and loadable. I removed most additions to the network stack that live
outside netpfil/pf.

Some people like it and use it.

It is also the only tool to configure ALTQ now.

-- 
Totus tuus, Glebius.