Hi, before anything, I don't think that FreeBSD has become "behind" in this subject, but... my case is this:
At my work (300/400 users), my boss called in a guy who co-worked with me to improve the current network infrastructure.
So far so good.
The guy doesn't have anything against FreeBSD but always calls it Linux
...even after I explained the difference to him multiple times.
Anyway, the thing is that we need to put NGFWs at some critical points of the network,
and here I think...
in the future, will FreeBSD be able to
- disassemble a TCP/UDP packet
- process it against ACLs or rules
- and reinsert it into the FW?
Some time ago I tried to do this
with PF, but the version is old compared to OpenBSD's,
and the function diver-to-reply
is not in FreeBSD's PF
(it is needed to reinsert the packet into PF after, for example, Snort analyzes it).
So, maybe I'm too old to accept this fact and move on,
but am I right? A FreeBSD server can't do it?
I hate putting a closed little box in place of a server.