NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pf or npf?



On Thu, 25 Feb 2016, John Nemeth wrote:
You didn't ask, but I'll add that the third option is ipfilter. It sits somewhere in the middle. It hasn't seen a lot of maintenance or enhancement lately, but it is still much newer then pf.

Just FYI, the last version was 4.1.33 and was released 2013-04-24 according to source forge. Looks like Darren Reed still runs the project, but as you say, there isn't any action lately.

It is also quite stable and usable.

I still use it on Tru64 5.1B as it is the only realistic and free option available that I'm aware of. I've also used it on Solaris 8, IRIX 6.2 and 6.5, Unixware 7, QNX, and HPUX.

I don't know much about all the bitchery and crying that went on between Darren and Theo. *shrug*. I will just say ipfilter works amazingly great considering some of the challenging and crappy situations I've put it in. Years ago I ran a firewall with IRIX 6.2 that was up for about 3 years with no issues at all (yeah, laugh it up at IRIX, but it was beat on constantly and nobody hacked it).

All that said, I'm excited about NPF, too. Finally our own code we can go fine-grain or lockless on. That should help us push the turbo-button on the filtering performance. Congrats to Mr. Rasiukevicius and friends on a great job so far!

-Swift


Home | Main Index | Thread Index | Old Index