
Versions of PF packet filter on FreeBSD

Erratus

Well-Known Member

Thanks: 19
Messages: 320

#1
How can the version of PF be retrieved on command line?
Also looking for a list of corresponding PF versions with FreeBSD-RELEASEes.

Any hints?
(And yes, I tried searchmachines ;)
 

cpm@

Moderator
Staff member
Moderator
Developer

Thanks: 890
Messages: 2,100

#2
Just check % grep -iE '\bpf\b' /usr/src/UPDATING

PF code version list:
  • In RELENG_5 - pf is at OpenBSD 3.5
  • In RELENG_6 - pf is at OpenBSD 3.7
  • In RELENG_7 - pf is at OpenBSD 4.1
  • In RELENG_8 - pf is at OpenBSD 4.5
 

Erratus

Well-Known Member

Thanks: 19
Messages: 320

#5
Argh! Made up my mind to learn PF.
Now had to read this:
>From my point of view the state of pf in FreeBSD is (was) a dead end. We don't
modify it, since it isn't ours, but we hope that new bulk import would fix problems.
In terms of investing time: Should I reconsider PF or go with other packet filter?
 

wblock@

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 3,579
Messages: 13,850

#6
Don't mistake opinion for policy. PF is one of the two well-supported firewalls in FreeBSD, the other being IPFW.
 

Erratus

Well-Known Member

Thanks: 19
Messages: 320

#7
I'm aware the quote is opinion. And I know, the "other" packet filter is IPFW.

Please correct me if I got it wrong. PF is stuck on FreeBSD because of improvements of performance over OpenBSD's PF - on a version that is behind OpenBSD.

For me it sums up as a risk that I might end up changing the firewalls or even the OS in future.

I'd like to ask the FreeBSD porters/developers if they kindly join the OpenBSD PF-team for resolving the issue?
 

wblock@

Administrator
Staff member
Administrator
Moderator
Developer

Thanks: 3,579
Messages: 13,850

#9
There's always a risk you might have to change firewalls at some point. It's not a lifelong commitment. Eventually, something will happen. It might be that FreeBSD re-imports the newer version of PF from OpenBSD, eliminating any local changes. Or maybe FreeBSD's changes will go upstream. Possibly some of both. Neither is likely to happen soon.
 

johnblue

Well-Known Member

Thanks: 25
Messages: 256

#10
cpu82 said:
This thread really explains in detail what is happening with PF and why the OpenBSD version is no longer being ported to FreeBSD.
It is threads like those that make me wish I was a sysadmin/programmer. I would like to be able to jump in and help solve some problems, but I have no delusions when it comes to programming; maybe someday.


Erratus said:
In terms of investing time: Should I reconsider PF or go with other packet filter?
I would not reconsider if you have already chosen. If you are like me, I looked at both and PF made more "sense" to me. However, if you are struggling with PF do not limit yourself when other options are available.
 

cpm@

Moderator
Staff member
Moderator
Developer

Thanks: 890
Messages: 2,100

#11
johnblue said:
It is threads like those that make me wish I was a sysadmin/programmer. I would like to be able to jump in and help solve some problems, but I have no delusions when it comes to programming; maybe someday.

The first thing you need is motivation: depends on what you are willing to learn. Trying to be in active communities will help you to be inspired by them. Remember that, if nothing else, you are a problem solver. Look for things that need solving and try to read about it, and/or apply yourself to solve the problem.

I recommend that you read, if you have not done so yet, "The Psychology of Computer Programming" by Gerald M. Weinberg. IMHO it is very helpful :)
 

m_pahlevanzadeh

New Member


Messages: 8

#12
cpu82 said:
Just check % grep -iE '\bpf\b' /usr/src/UPDATING

PF code version list:
  • In RELENG_5 - pf is at OpenBSD 3.5
  • In RELENG_6 - pf is at OpenBSD 3.7
  • In RELENG_7 - pf is at OpenBSD 4.1
  • In RELENG_8 - pf is at OpenBSD 4.5
It's wrong. If you used portsnap and your src tree is older than your ports tree, your grep doesn't always give a result. It's sometimes OK and sometimes not OK.
 

cpm@

Moderator
Staff member
Moderator
Developer

Thanks: 890
Messages: 2,100

#14
To check the latest code version announced for pf(4) on the system:
Code:
% grep -iE '\bpf\b' /usr/src/UPDATING
	The packet filter (pf) code has been updated to OpenBSD 4.5.
Besides what @wblock@ said above, /usr/src/UPDATING is updated as part of the source with svn(1).
 

m_pahlevanzadeh

New Member


Messages: 8

#16
I'm aware the quote is opinion. And I know, the "other" packet filter is IPFW.

Please correct me if I got it wrong. PF is stuck on FreeBSD because of improvements of performance over OpenBSD's PF - on a version that is behind OpenBSD.

For me it sums up as a risk that I might end up changing the firewalls or even the OS in future.

I'd like to ask the FreeBSD porters/developers if they kindly join the OpenBSD PF-team for resolving the issue?
If you have any questions about firewalls such as PF, ipfw or others on BSD, you can read the benchmarks at http://bsdrp.net/documentation/technical_docs/performance?s[]=pf&s[]=ipfw
 