Re: manual page | zpool-features
> snip
>>
>> Actually, I am becoming suspicious that FreeBSD does not maintain a OpenBSD
>> Packet Firewall that survives upgrades. Perhaps I should just take all of
>> the Packet Firewall stuff out of my kernel and learn to use ipfw2.
>>
>>
>> Darrel
>>
>>
>
> On the subject of OpenBSD Packet Firewall
>
> OpenBSD 4.5 version of PF firewall which is included with the base FreeBSD
> 8.x and 9.x releases is no longer supported by OpenBSD and very back level.
>
> The most current version of OpenBSD is 5.1. PF version 5.0 changed the syntax
> of the NAT statement making PF no longer backwards compatible which breaks
> some Freebsd standard, so updated versions of OpenBSD PF will no longer be
> mass ported to FreeBSD. Any bug fix code to OpenBSD PF will have to be
> incorporated by hand into FreeBSD's version of PF from this point on.
>
> The following will shine some more light on the subject.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=167057
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
>
>
Thank you. This information is good to know since I recompiled parts of
Packet Firewall and then rebooted the machine with no working Packet
Filter as a result.
I have adjusted to the changes and am running OpenBSD 5.1 on my perimeter.
Also, I am experimenting with NPF on NetBSD, which has a few bugs but
generally works just fine tested with 'nmap' and the like. For FreeBSD, I
will change to IPFW. It might be useful anyhow, since I have a Macintosh
and will eventually probably get another. I would guess that the
Macintosh firewall is still 'ipfw2', or something not too dissimilar.
There is just no sense banging my head against a wall and repearting
mistakes that actually do not belong to me by trying to run Packet Filter
on FreeBSD.
Darrel
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 11 之 11 篇):