On Feb 25, 8:40pm, Jukka Marin wrote:
}
} I'm setting up a new gateway machine (NetBSD 7.0). My old gateway is based
} on NetBSD 6.0 and pf. Can I use pf on NetBSD 7.0 or should I move to npf?
} Why?
You could certainly use pf with NetBSD 7.0. However, I would
have to point out that the version of pf that came with NetBSD 6.0
was ancient and unmaintained. The situation hasn't changed with
NetBSD 7.0, i.e it ships with pretty much the same code for pf that
NetBSD 6.0 did.
} I have found more examples and manuals for pf, and moving to npf seems like
} extra work. With pf, I could also copy my config over with minor
} modifications (I guess).
npf is relatively new and only in NetBSD (as far as I know)
so naturally there will be less information about it. However,
keep in mind that information that you find on the 'net about pf
might be assuming a more modern version. npf has appeared in two
major NetBSD releases now, and while still undergoing development,
should be relatively stable. It is also designed to be much more
performant.
You didn't ask, but I'll add that the third option is ipfilter.
It sits somewhere in the middle. It hasn't seen a lot of maintenance
or enhancement lately, but it is still much newer then pf. It is
also quite stable and usable.
}-- End of excerpt from Jukka Marin
