<div dir="ltr"><div dir="ltr">On Tue, Feb 12, 2019 at 8:53 AM Nacho Lariguet <<a href="mailto:lariguet@gmail.com">lariguet@gmail.com</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thanks for your reply Sepherosa !<br>
<br>
"Well, I don't know how you read the ipfw2 logs ..."<br>
<br>
I'm really new here (meaning the nix community overral). I surfed the<br>
tree on GIT web and after some time located the source code for all<br>
the firewall options available to look for versions/activity and the<br>
like; ie: to grab some sense of the development pace. The<br>
versions/time/dates I quoted were mainly for the comments on top of<br>
the relevant files.<br>
<br>
I'm just trying to understand what to use and what not to use and the<br>
documentation while very helpful seemed a bit confusing on what<br>
direction are the firewall options eventually going. Thus I seeked<br>
advice.<br>
<br>
I understand OpenBSD relies on PF (which created from scratch) while<br>
FreeBSD moved from IPFW to IPF (which also created from scratch) ...<br>
am I right ?<br></blockquote><div><br></div><div>Nope.</div><div><br></div><div>OpenBSD had a version of IPFilter imported from Sun. That was later replaced with PF, which is now the only packet filter on OpenBSD.</div><div><br></div><div>FreeBSD started with IPFW. Later, IPFilter was imported from Sun, but IPFW remained for those who liked it or needed the Dummynet features. Even later, PF was imported from OpenBSD. IPFilter stagnated in FreeBSD and was on the verge of being removed, but someone stepped up, took maintainership, cleaned it up, and it remains. PF has diverged wildly from what's in OpenBSD, to the point they really aren't compatible anymore. There's been a couple of attempts to sync it and bring in new features from OpenBSD, but the lack of proper SMP in the OpenBSD networking stack makes it difficult (the FreeBSD PF is SMP-aware). IPFW remains, and has been under heavy development the past couple of years with lots of new features added and cleanups being done. </div><div><br></div><div>Don't know too much about the state of packet filters in DFly, but wasn't there an IPFW3 re-write/upgrade done awhile back, such that DFly IPFW is fairly different now from FreeBSD IPFW?</div><div><br></div><div>Basically, on OpenBSD, you use PF. On DFly, you use IPFW. On FreeBSD, you can choose which style of packet filter you prefer (although I'd recommend not using IPFilter).</div></div>-- <br><div dir="ltr" class="gmail_signature">Freddie Cash<br><a href="mailto:fjwcash@gmail.com" target="_blank">fjwcash@gmail.com</a></div></div>