[Solved] FreeBSD vs OpenBSD PF [Archive] - The FreeBSD Forums


maidenush
March 17th, 2010, 23:10
Is there any difference between FreeBSD PF and OpenBSD PF firewall?

Thank you,
paul

vermaden
March 17th, 2010, 23:55
FreeBSD 8.0 uses PF from OpenBSD 4.1, PF in OpenBSD 4.6 (or upcoming 4.7) is a little different/newer.

There is also a FreeBSD project to update PF in FreeBSD to the one from OpenBSD 4.5.

SirDice
March 18th, 2010, 08:42
Besides the version differences there's no difference.

maidenush
March 18th, 2010, 10:47
Thank you.

Oko
March 19th, 2010, 04:50
> Besides the version differences there's no difference.

Buuu hahahaha. You are kidding right?

http://marc.info/?l=openbsd-misc&m=126887242119532&w=2

razrx
March 19th, 2010, 11:41
> Buuu hahahaha. You are kidding right?
>
> http://marc.info/?l=openbsd-misc&m=126887242119532&w=2

That's a discussion on relayd, not pf itself.
The relayd FreeBSD port is indeed pretty outdated.

Oko
March 19th, 2010, 15:12
> That's a discussion on relayd, not pf itself.
> The relayd FreeBSD port is indeed pretty outdated.

PF had a MAJOR overhaul between OpenBSD 4.5 and OpenBSD 4.6 versions which is only now fully production tested for OpenBSD 4.7 release.

FreeBSD 9.0 to be released next year will get PF from OpenBSD 4.5 instead of present 4.1 which is 3 years old and part of newly released FreeBSD 8.0. Do you know just how many bugs were found in three years, let alone completely new functionality and syntax for OpenBSD 4.6?

On top of it, PF has never been completely implemented in FreeBSD due to the significant difference in network stack between FreeBSD and OpenBSD. The same is true for NetBSD to a lesser extent due to the fact that OpenBSD originated from NetBSD.
Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.

That is the real ugly truth about PF implementation on other platforms than OpenBSD.

Similar things are true for OpenSSH.

But look at the bright side. Flash 10 works on FreeBSD better than on Linux while it even doesn't work on OpenBSD;)

phoenix
March 19th, 2010, 23:36
> Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.

ipfwadm was based on IPFW. ipchains was a rewrite with no relation to IPFW. And iptables was another rewrite with even less relation to IPFW. However, there's now a Linux port of IPFW and dummynet, so things aren't all bad for Linux firewalls now. ;)

PF isn't on Linux probably because no one wants to taint their minds trying to figure out Linux networking-of-the-week subsystems. ;) Nor do they want to twist the beautiful PF code to make it work on Linux. :)

Just because it's not there doesn't mean PF is horribly hard to port.

lumiwa
March 20th, 2010, 14:35
> PF had a MAJOR overhaul between OpenBSD 4.5 and OpenBSD 4.6 versions
>
> Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.


Many Linux servers survived without PF and it is nothing unusual that Linux users don't like BSD (special OpenBSD) users...

oliverh
March 20th, 2010, 16:01
> Many Linux servers survived without PF and it is nothing unusual that Linux users don't like BSD (special OpenBSD) users...

Well, there are even some Windows and MacOS X servers surviving in the wild :D

Oko
March 20th, 2010, 18:57
> Many Linux servers survived without PF

and an even greater number of Windows servers

> and it is nothing unusual that Linux users don't like BSD (special OpenBSD) users...

In my experience most Linux users I met actually have never heard of BSD. How can you hate something that you have never heard of? The ones like Oliver, who already answered your post and who has been using Slackware since 1993, tend to use the best tool for the job. Unless you have tens of thousands of dollars to run your network on proprietary hardware and software, your best bet is OpenBSD. Obviously nobody is going to use OpenBSD for HPC, to run a big database or to do Flash development.

lumiwa
March 20th, 2010, 20:35
> and even greater number of Windows servers

> In my experience most Linux users I met actually have never heard of BSD. How can you .

They know and they know very well about what Theo de Raadt talked about Linux for example. And your post about Linux (as I understood) was also cynical. Everybody has the freedom to choose an OS, whatever it is, and think that it is the best.

oliverh
March 20th, 2010, 22:05
> They know and they know very well about what Theo de Raadt talked about Linux for example.

Vice versa I remember Linus' outbursts in terms of the FreeBSD devs (idiots), Gnome devs (Nazis) et al. Those accusations don't lead anywhere. Furthermore it seems you're talking about some Linux users, I think we're talking about professional Linux users. Most of the latter do know OpenBSD, they do know the benefits of using it and some of them even don't like de Raadt ... but hey, they're professionals! OpenBSD is a wide-spread firewall appliance even among Linux admins, due to the fact that most server landscapes are heterogeneous (fewer possible points of attack, the best tool for the current job etc. pp.).

DutchDaemon
March 20th, 2010, 23:45
The OP was last seen surfing near St Barth (without drifting off!), so I'm closing this one.
