Subject: Re: why no pfsync in NetBSD?
To: Charlie Allom <charlie@rubberduck.com>
From: Tobias Nygren <tnn@NetBSD.org>
List: current-users
Date: 04/20/2007 01:41:58
Charlie Allom wrote:
> Hi,
>
> I am looking for the reasoning behind *not* importing pfsync into
> NetBSD..
>
> FreeBSD, OpenBSD & DragonFlyBSD are currently the only platforms I can
> deploy redundant pf(4) & carp(4) firewalls with. This is a sad state of
> affairs for NetBSD imo.
>
> Can anyone answer?
>
> Regards,
> C.
>
pfsync(4) uses a rogue IP protocol number not formally assigned to it.
This is a problem for an OS that wants to be standards-conformant.
Also, there's no real reason why the pfsync(4) protocol can't be
encapsulated in udp(4), is there? This shouldn't be impossible to
implement, but we can't interoperate with the other BSDs if this
route is taken.
-Tobias