snip
Actually, I am becoming suspicious that FreeBSD does not maintain an OpenBSD
Packet Firewall that survives upgrades. Perhaps I should just take all of
the Packet Firewall stuff out of my kernel and learn to use ipfw2.
Darrel
On the subject of OpenBSD Packet Firewall
The OpenBSD 4.5 version of the PF firewall, which is included with the base FreeBSD
8.x and 9.x releases, is no longer supported by OpenBSD and is very back level.
The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax
of the NAT statement, making PF no longer backwards compatible, which breaks
some FreeBSD standard, so updated versions of OpenBSD PF will no longer be
mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be
incorporated by hand into FreeBSD's version of PF from this point on.
The following will shine some more light on the subject.
http://www.freebsd.org/cgi/query-pr.cgi?pr=167057
http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
Thank you. This information is good to know since I recompiled parts of
Packet Firewall and then rebooted the machine with no working Packet
Filter as a result.
I have adjusted to the changes and am running OpenBSD 5.1 on my perimeter.
Also, I am experimenting with NPF on NetBSD, which has a few bugs but
generally works just fine tested with 'nmap' and the like. For FreeBSD, I
will change to IPFW. It might be useful anyhow, since I have a Macintosh
and will eventually probably get another. I would guess that the
Macintosh firewall is still 'ipfw2', or something not too dissimilar.
There is just no sense banging my head against a wall and repeating
mistakes that actually do not belong to me by trying to run Packet Filter
on FreeBSD.
Darrel
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current