FreeBSD vs OpenBSD PF

Status
Not open for further replies.
FreeBSD 8.0 uses PF from OpenBSD 4.1; PF in OpenBSD 4.6 (or the upcoming 4.7) is a little different/newer.

There is also a FreeBSD project to update PF in FreeBSD to the one from OpenBSD 4.5.
 
razrx said:
That's a discussion on relayd, not pf itself.
The relayd FreeBSD port is indeed pretty outdated.
PF had a MAJOR overhaul between OpenBSD 4.5 and OpenBSD 4.6 versions which is only now fully production tested for OpenBSD 4.7 release.

FreeBSD 9.0, to be released next year, will get PF from OpenBSD 4.5 instead of the present 4.1, which is 3 years old and part of the newly released FreeBSD 8.0. Do you know just how many bugs were found in three years, let alone the completely new functionality and syntax for OpenBSD 4.6?

On top of it, PF has never been completely implemented in FreeBSD due to the significant difference in network stack between FreeBSD and OpenBSD. The same is true for NetBSD to a lesser extent due to the fact that OpenBSD originated from NetBSD.
Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.

That is the real ugly truth about PF implementation on other platforms than OpenBSD.

Similar things are true for OpenSSH.

But look at the bright side. Flash 10 works on FreeBSD better than on Linux while it doesn't even work on OpenBSD ;)
 
Oko said:
Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.

ipfwadm was based on IPFW. ipchains was a rewrite with no relation to IPFW. And iptables was another rewrite with even less relation to IPFW. However, there's now a Linux port of IPFW and dummynet, so things aren't all bad for Linux firewalls now. ;)

PF isn't on Linux probably because no one wants to taint their minds trying to figure out Linux networking-of-the-week subsystems. ;) Nor do they want to twist the beautiful PF code to make it work on Linux. :)

Just because it's not there doesn't mean PF is horribly hard to port.
 
Oko said:
PF had a MAJOR overhaul between OpenBSD 4.5 and OpenBSD 4.6 versions
Why do you think PF has never been ported to Linux? Let me guess. Because Linux IP tables which are originally based on IPFW of FreeBSD are superior.
Many Linux servers survived without PF, and it is nothing unusual that Linux users don't like BSD (especially OpenBSD) users...
 
lumiwa said:
Many Linux servers survived without PF, and it is nothing unusual that Linux users don't like BSD (especially OpenBSD) users...

Well, there are even some Windows and Mac OS X servers surviving in the wild :D
 
lumiwa said:
Many Linux servers survived without PF
and an even greater number of Windows servers

lumiwa said:
and it is nothing unusual that Linux users don't like BSD (especially OpenBSD) users...
In my experience most Linux users I met actually have never heard of BSD. How can you hate something that you have never heard of? Ones like Oliver, who already answered your post and who has been using Slackware since 1993, tend to use the best tool for the job. Unless you have tens of thousands of dollars to run your network on proprietary hardware and software, your best bet is OpenBSD. Obviously nobody is going to use OpenBSD for HPC, to run a big database or to do Flash development.
 
Oko said:
and an even greater number of Windows servers

In my experience most Linux users I met actually have never heard of BSD. How can you .

They know, and they know very well, what Theo de Raadt said about Linux, for example. And your post about Linux (as I understood it) was also cynical. Everybody has the freedom to choose whatever OS they want and to think that it is the best.
 
>They know, and they know very well, what Theo de Raadt said about Linux, for example.

Vice versa, I remember Linus's outbursts about the FreeBSD devs (idiots), Gnome devs (Nazis) et al. Those accusations don't lead anywhere. Furthermore, it seems you're talking about some Linux users; I think we're talking about professional Linux users. Most of the latter do know OpenBSD, they do know the benefits of using it, and some of them don't even like de Raadt ... but hey, they're professionals! OpenBSD is a widespread firewall appliance even among Linux admins, due to the fact that most server landscapes are heterogeneous (fewer possible points of attack, the best tool for the current job etc. pp.).
 
The OP was last seen surfing near St Barth (without drifting off!), so I'm closing this one.
 