crystal-clear; thanks Freddie ! On 2/12/19, Freddie Cash <[email protected]> wrote: > On Tue, Feb 12, 2019 at 8:53 AM Nacho Lariguet <[email protected]> wrote: > >> Thanks for your reply Sepherosa ! >> >> "Well, I don't know how you read the ipfw2 logs ..." >> >> I'm really new here (meaning the nix community overral). I surfed the >> tree on GIT web and after some time located the source code for all >> the firewall options available to look for versions/activity and the >> like; ie: to grab some sense of the development pace. The >> versions/time/dates I quoted were mainly for the comments on top of >> the relevant files. >> >> I'm just trying to understand what to use and what not to use and the >> documentation while very helpful seemed a bit confusing on what >> direction are the firewall options eventually going. Thus I seeked >> advice. >> >> I understand OpenBSD relies on PF (which created from scratch) while >> FreeBSD moved from IPFW to IPF (which also created from scratch) ... >> am I right ? >> > > Nope. > > OpenBSD had a version of IPFilter imported from Sun. That was later > replaced with PF, which is now the only packet filter on OpenBSD. > > FreeBSD started with IPFW. Later, IPFilter was imported from Sun, but IPFW > remained for those who liked it or needed the Dummynet features. Even > later, PF was imported from OpenBSD. IPFilter stagnated in FreeBSD and was > on the verge of being removed, but someone stepped up, took maintainership, > cleaned it up, and it remains. PF has diverged wildly from what's in > OpenBSD, to the point they really aren't compatible anymore. There's been > a couple of attempts to sync it and bring in new features from OpenBSD, but > the lack of proper SMP in the OpenBSD networking stack makes it difficult > (the FreeBSD PF is SMP-aware). IPFW remains, and has been under heavy > development the past couple of years with lots of new features added and > cleanups being done. > > Don't know too much about the state of packet filters in DFly, but wasn't > there an IPFW3 re-write/upgrade done awhile back, such that DFly IPFW is > fairly different now from FreeBSD IPFW? > > Basically, on OpenBSD, you use PF. On DFly, you use IPFW. On FreeBSD, you > can choose which style of packet filter you prefer (although I'd recommend > not using IPFilter). > -- > Freddie Cash > [email protected] >
-- nacho Lariguet [email protected]
