If NPF is the most-supported solution, then I'd like to use it, but it still seems to lack the richness of ipfilter's feature set. For example, I don't see any ALTQ in there. In any case, it doesn't really matter. If pf and ipfilter are intentionally being set aside or have known no-fix bugs, they should be removed from the system or at least discouraged.
FWIW, I don't think my standards are higher than Darren Reed's: https://mail-index.netbsd.org/tech-net/2011/11/23/msg002974.html he's talking about NPF in -CURRENT there. I'm using ipfilter in STABLE -d On Mon, Aug 1, 2016, at 05:04 PM, John Nemeth wrote: > On Aug 1, 2:36pm, Swift Griggs wrote: > } On Mon, 1 Aug 2016, metalli...@fastmail.fm wrote: > } > } > I've had several issues with various parts of the OS, but ipf is the > one > } > that causes random kernel panics. > } > } There are more choices now if you feel you are not getting your money's > } worth from NetBSD/IPF. There is always PF, for example. > > At this point, I would probably try NPF. This is the second > major release with NPF, so it is mature. PF is ancient and > unmaintained. But, there are people that are quite happy with it. >