NetBSD-Users archive


Re: PF works on 6.0_RC2 despite error messages



Hi Darrel,

Thanks for your response.

* Darrel (levitch%iglou.com@localhost) wrote:
> >[running /etc/rc.d/npf]
> >...
> >(Note that I do not use npf, although it runs.)
> You might want to try out NPF in NetBSD.  It still has a few bugs but 
> tests well with 'nmap' and the like.
As I am also using FreeBSD and I am only an amateur,
this time I want to try the ones I already know.
I shall try NPF sometime.
AFAIK NPF is like PF but NPF utilizes SMP.
But it is not complete, at least in the area of IPv6.
(Actually I only have IPv6 on FreeBSD; I haven't got IPv6 on NetBSD.
I'm behind NAT. net/tspc, net/hf6to4 and net/miredo still do not work.)

>  from RC2:
> 
> # cat /etc/pf.conf | grep 2007
> #       $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
> 
> Sort of old?
Yes, I found that there are divergences in the syntax of /etc/pf.conf for both
FreeBSD and NetBSD, as they are ported from different versions of OpenBSD.
Nevertheless, on FreeBSD, I use both ipfw and pf.
Even if I fully migrate to NetBSD, I tend to use both npf and pf.
(But it seems redundant, anyway.)

> and this from FreeBSD:
> 
> http://www.freebsd.org/cgi/query-pr.cgi?pr=167057
> 
> I only use Packet Filter on OpenBSD from now on.
I believe that PF will last in the market for a while.
OS X 10.6 and below used ipfw from FreeBSD.
But starting from 10.7 (Lion) onward, Apple uses pf from OpenBSD,
because its source code is very mature and proven to be secure.
It should take some time to have NPF on the market.
(For sure, finally it WILL, because SMP from ground up is very attractive.)

-- 
Pongthep Kulkrisada
 
"UNIX is basically a simple operating system,
but you have to be a genius to understand the simplicity."
-- Dennis M. Ritchie

