While researching which firewall to use, I came across what may seem outdated/misguided/whatever documentation; please correct me where I am wrong (probably the whole story) and advise (if at all possible):
Quoting from "Firewall options in DragonFlyBSD" @ https://www.dragonflybsd.org/docs/handbook/Security/#index8h3
... my notes

"DragonFlyBSD inherited the IPFW firewall (versions 1 and 2) when it forked from FreeBSD."
"Pretty soon after though, we imported the new pf packet filter that the OpenBSD developers created from scratch."
"It is a cleaner code base and is now the recommended solution for firewalling DragonFly."
"Keep in mind that the PF version in DragonFly is not in sync with OpenBSD's PF code."
"We have not yet incorporated the improvements made in PF over the last few years, but we have some improvements of our own."
"A copy of the OpenBSD PF user's guide corresponding to the version of PF in DragonFly can be downloaded as TXT or PDF."

... so: DragonFlyBSD <- OpenBSD PF
... so: DragonFlyBSD current version is 4.5 released 2009-10-15 as stated in TXT @ https://ftp.openbsd.org/pub/OpenBSD/doc/history/pf-faq45.txt
... but: OpenBSD PF current version is 5.3 released 2013-10-31 @ https://ftp.openbsd.org/pub/OpenBSD/doc/history/pf-faq53.txt (last FAQ listed)?
... or: OpenBSD PF current version is 6.4 @ https://www.openbsd.org/faq/pf/index.html (no version stated here)?
... https://gitweb.dragonflybsd.org/dragonfly.git/tree/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/pf
... https://gitweb.dragonflybsd.org/dragonfly.git/history/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/pf
... https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/pf/pf.c
... but PF labeled COPYRIGHT 2002~2008 on /sys/net/pf.c
... but PF labeled COPYRIGHT 2010~2014 on /sys/net/pfvar.c
... quoting: "... over the last few years ..."
... how many years are we talking? 2009~2019? 10 years (or-so) behind?
... really not thinking new features; just security vulnerabilities

"IPFW is still and will remain supported for the foreseeable future; it has some features not yet available in PF."

... so it is on life-support until ... PF eventually synched?

"If you're interested in IPFW, read ipfw(4) and ipfw(8)."

... OK. I am. Let's see the alternative:
... https://gitweb.dragonflybsd.org/dragonfly.git/tree/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw
... https://gitweb.dragonflybsd.org/dragonfly.git/history/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw
... https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw/ip_fw2.c
... https://gitweb.dragonflybsd.org/dragonfly.git/tree/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw
... https://gitweb.dragonflybsd.org/dragonfly.git/history/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw
... https://gitweb.dragonflybsd.org/dragonfly.git/blob/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw/ipfw2.c
... so /sys/net/ipfw/ip_fw2.c is 1.6.2.12 2003-04-08?
... so /sbin/ipfw/ipfw2 is 1.4.2.13 2003-05-27?
... found (on 2015-03-12): Rename all elements of the port to ipfw3 to reduce confusion
... ie: ipfw2 -> ipfw3
... https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/6a03354eaf5595cb09622704ea7d2ef2794ccffb
... https://gitweb.dragonflybsd.org/dragonfly.git/tree/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw3
... https://gitweb.dragonflybsd.org/dragonfly.git/history/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw3
... https://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/733df9ef278607bdbfa284dccb19d893126a154d:/sys/net/ipfw3/ip_fw3.c
... https://gitweb.dragonflybsd.org/dragonfly.git/tree/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw3
... https://gitweb.dragonflybsd.org/dragonfly.git/history/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw3
... https://gitweb.dragonflybsd.org/dragonfly.git/blob/733df9ef278607bdbfa284dccb19d893126a154d:/sbin/ipfw3/ipfw3.c
... found: IPFW3 labeled COPYRIGHT 2014~2018 both on /sys/net/ipfw3/ip_fw3.c and /sbin/ipfw3/ipfw3.c
... so: IPFW2 (from FreeBSD) imported to DragonFlyBSD keeping (parallel/separate) development until a point at which it was renamed IPFW3 ... right?

... question: why is the (now obsolete) IPFW2 still in the tree? What case-scenarios does it (15-or-so-year-old code) still cover in 2019?

... question: documentation states IPFW (formerly IPFW2, currently IPFW3) is somewhat on life-support until eventually synchronizing with current OpenBSD PF, but source activity seems to tell quite the opposite: that PF is stalled/abandoned and IPFW3 development keeps going on. Am I right?

... question: what firewall should I actually be using on DragonFlyBSD?
- outdated (what seemed many years behind) PF, advertised for its correctness/clean-code/whatever and the recommended solution by the documentation?
- IPFW3 (rewritten-from-scratch/SMP-friendly/improved/etc), although advised not to by the documentation?
- forget about using a firewall in DragonFlyBSD and use something else elsewhere?

... am I missing something?
... do I have all the facts totally wrong?
