OpenBSD Journal
Home : : Add Story : : Archives : : About : : Create Account : : Login :
PF for FreeBSD 5.0
Contributed by jose on Tue Mar 25 14:14:00 2003 (GMT)
from the portable-guards dept.

Pyun YongHyeon writes:

"Hello there.

I have ported pf to FreeBSD 5.0 Currently it works well, though many nice features of pf not tested. I have ported to make FreeBSD users know there is an another excellent stateful packet filter with BSD license. URL is the following.

ftp://ftp.kr.freebsd.org/pub/FreeBSD-kr/misc/pf_freebsd_0.3.tar.bz2

Thanks."

Wow, this is pretty cool. I know that PF had been ported to NetBSD as well (as an LKM, without ALTQ), but I didn't know about this effort for FreeBSD. It's good to see that people are mixing up their options, and maybe they can contribute something back to OpenBSD's PF.

[topicpf2]

<< y Patches 013 and 026 address Kerb4 weakness | Reply | Flattened | Expanded | OpenBSD 3.3 Available for Pre-Order >>

Threshold: Help

Related Links
more by jose


  iptables (mod -4/94)
by Anonymous Coward on Tue Mar 25 14:19:00 2003 (GMT)
  How does pf, and the other respective *bsd firewalls compare to iptables for linux?

From my short look into similaritis, it would appear iptables can do a bit more, and is a tad faster.

What are other readers experiences?

Please, no bitching/trolling, I was just after a technical comparison.



  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]
      Re: iptables (4/68) by deekayen on Tue Mar 25 14:23:00 2003 (GMT)
        Re: iptables (-1/69) by miked512 on Tue Mar 25 15:27:00 2003 (GMT)
        Re: iptables (2/66) by Anonymous Coward on Tue Mar 25 18:50:00 2003 (GMT)
          Re: iptables (-5/63) by Anonymous Coward on Tue Mar 25 19:05:00 2003 (GMT)
            Re: iptables (2/62) by RC on Tue Mar 25 23:03:00 2003 (GMT)
              Re: iptables (-3/69) by Anonymous Coward on Wed Mar 26 12:48:00 2003 (GMT)
              Re: iptables (3/61) by Henning on Thu Mar 27 13:49:00 2003 (GMT)
          Re: iptables (12/68) by Anonymous Coward on Wed Mar 26 15:32:00 2003 (GMT)
            Re: iptables (-4/76) by Anonymous Coward on Fri Jul 11 14:20:00 2003 (GMT)
      Re: iptables (1/67) by Ben Johnson on Tue Mar 25 15:25:00 2003 (GMT)
        Re: iptables (6/68) by Piero Leonardo Rodrigues on Tue Mar 25 17:15:00 2003 (GMT)
          Re: iptables (0/72) by Anonymous Coward on Tue Mar 25 22:37:00 2003 (GMT)
      Re: iptables (-2/74) by Sherrod on Tue Mar 25 17:06:00 2003 (GMT)
      Re: iptables (6/68) by Anonymous Coward on Tue Mar 25 17:17:00 2003 (GMT)
      Re: iptables (3/65) by Anonymous Coward on Tue Mar 25 18:40:00 2003 (GMT)
      Re: iptables (-4/66) by Alejandro G. Belluscio on Tue Mar 25 18:43:00 2003 (GMT)
        Re: iptables (-9/67) by Steph L on Tue Mar 25 21:02:00 2003 (GMT)
          Re: iptables (-16/72) by Dries Schellekens on Tue Mar 25 22:30:00 2003 (GMT)
            Re: iptables (8/70) by Dries Schellekens on Tue Mar 25 22:32:00 2003 (GMT)
          Re: iptables (-6/68) by RC on Tue Mar 25 22:50:00 2003 (GMT)
          Re: iptables (7/67) by Alejandro Belluscio on Wed Mar 26 16:59:00 2003 (GMT)
        Re: iptables (-1/65) by Anonymous Coward on Wed Mar 26 12:38:00 2003 (GMT)
          Re: iptables (1/67) by Anonymous Coward on Wed Mar 26 01:15:00 2003 (GMT)
            Re: iptables (2/74) by thebiMbo on Wed Mar 26 08:50:00 2003 (GMT)
          Re: iptables (7/63) by Dries Schellekens on Wed Mar 26 21:05:00 2003 (GMT)
          Re: iptables (-1/65) by Lennie on Wed Apr 9 18:22:00 2003 (GMT)
            Re: iptables (-3/69) by Lennie on Wed Apr 9 18:56:00 2003 (GMT)
              Re: iptables (1/61) by Lennie on Wed Apr 9 19:29:00 2003 (GMT)
        Re: iptables (-4/66) by Anonymous Coward on Wed Mar 26 12:51:00 2003 (GMT)
      Re: iptables (1/65) by Anonymous Coward on Wed Mar 26 03:26:00 2003 (GMT)
        Re: iptables (-4/64) by Anonymous Coward on Wed Mar 26 21:36:00 2003 (GMT)
      Re: iptables (4/66) by Anonymous Coward on Wed Mar 26 06:06:00 2003 (GMT)
      Re: iptables (-2/58) by Anonymous Coward on Thu Mar 27 00:20:00 2003 (GMT)
        Re: iptables (1/71) by Dries Schellekens on Wed Mar 26 20:56:00 2003 (GMT)
          Re: iptables (3/67) by Anonymous Coward on Wed Mar 26 22:39:00 2003 (GMT)
      Re: iptables (1/69) by Anonymous Coward on Wed Mar 26 21:32:00 2003 (GMT)

  YES (mod 1/81)
by miked512 (miked512@msn.com) on Tue Mar 25 15:28:00 2003 (GMT)
mailto:miked512@msn.com
  YES, I'VE BEEN WAITING ON THIS!!!!!!

Not like I don't use OpenBSD or anything. ;-)
I hope it works well.
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]
      Re: YES (2/74) by Anonymous Coward on Tue Mar 25 19:45:00 2003 (GMT)
        Re: YES (2/70) by Anonymous Coward on Tue Mar 25 21:31:00 2003 (GMT)
          Re: YES (2/68) by Anonymous Coward on Tue Mar 25 23:40:00 2003 (GMT)
            Re: YES (3/71) by Anonymous Coward on Thu Mar 27 00:20:00 2003 (GMT)
              Re: YES (-1/67) by Anonymous Coward on Wed Mar 26 19:51:00 2003 (GMT)
                Re: YES (4/66) by Anonymous Coward on Thu Mar 27 17:28:00 2003 (GMT)
              Re: YES (-6/68) by Hendrik Scholz on Fri Mar 28 20:08:00 2003 (GMT)
                Re: YES (1/67) by Anonymous Coward on Fri Mar 28 20:26:00 2003 (GMT)

  Kewl, now there's really no reasons to use OpenBSD (mod -3/79)
by Hiya on Tue Mar 25 15:49:00 2003 (GMT)
  ....
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  btw (mod 4/76)
by netchan (deadly@netchan.cotse.net) on Tue Mar 25 16:09:00 2003 (GMT)
mailto:deadly@netchan.cotse.net
  "battle of the firewalls"

http://www.openbsdforums.org/forums/showthread.php?threadid=7266&ref_=fr
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]
      Re: btw (0/64) by ^ESN^ on Tue Mar 25 21:37:00 2003 (GMT)

  wow (mod 5/85)
by jose on Tue Mar 25 22:36:00 2003 (GMT)
http://monkey.org/~jose/
  silly me .. last two stories got no comments, i wondered "did i break commenting?" lucky for us flameSubmit.php3 err ... commentSubmit.php3 is still up and running.

  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]
      Re: wow (0/64) by Anonymous Coward on Wed Mar 26 12:12:00 2003 (GMT)

  What do you mean "another"? (mod 2/82)
by Anonymous Coward on Tue Mar 25 22:50:00 2003 (GMT)
  Maybe a nitpick, but I think it's an important one for those that might care about licenses on their projects or commercial endeavors, although I could be wrong in my impressions of the licensing situation...

I was under the impression that IPF is not under a BSD or X like license.

PF is under the BSD license for sure. IPF is, or at least was, not--one of the reasons PF had to be developed is that IPF did not adhere to the BSD license. IPF's creator, Reed, would not change it. Also why IPF was removed entirely from OBSD default.

Unless Reed changed the IPF license, something only he can do due to copyright, and last I heard Reed was saying (but wasn't doing) he would make the license adaptable and favorable to those he liked (which totally sidesteps the point of a BSD license; but maybe for FreeBSD folks, it is under a true BSD license), what other firewall besides PF is both stateful and under a true BSD (or X like) license?
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  No Subject Given (mod 4/86)
by Anonymous Coward on Thu Mar 27 03:08:00 2003 (GMT)
  *yawn* IPtables suck shit. I used it before I switched to oBSD IPF and then PF it was painful; it requires extensive testing to see if the obscure syntax worked the way I intended. Just like Linux it is a kludge with all kinds of useless shit in the kernel.

Where do I request my coffee-webcam protocol in IPTables? I need this in kernel space because it needs to be high performance.

If you like iptables you have not done your research and are likely a how-to user. You probably don't understand IP either.

Oh and for the gamers out there. See previous paragraph; I can, and have, made all games work that I tried.

Go Daniel, PF rocks!
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

  What will Darren do? (mod 11/79)
by Jae (jaeyun@dds.nl) on Sat Mar 29 19:27:00 2003 (GMT)
mailto:jaeyun@dds.nl
  When ipf will be replaced in FreeBSD and NetBSD, will Darren be forking ISO's for them as well?
  [ Show thread ] [ Reply to this comment ] [ Mod Up ] [ Mod Down ]

[ Home | Add Story | Archives | Polls | About ]

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. Some icons from slashdot.org used with permission from Kathleen. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. Search engine is ht://Dig. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]