 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Peter Curran <peter at closeconsultants dot com>
 Cc:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] any plans on switching to pf?
 Date:  Wed, 10 Nov 2004 12:15:32 +0100
On 10.11.2004 09:46 +0000, Peter Curran wrote:

> In fact, I may be so bold as to suggest that if m0n0 went down the
> pf route, it may as well kick FreeBSD into touch and just cut
> across to OpenBSD.

Well, I've got the impression that FreeBSD is less picky about
hardware (I've had machines that wouldn't boot an OpenBSD kernel
properly but didn't have any problems with FreeBSD), which seems to
be an important point with people running m0n0wall on all kinds of
junk PCs. My last performance benchmarks are already several months
old, but at least back then, FreeBSD was considerably faster
(measured network throughput). And I'm sorry, but reading some of the
messages from OpenBSD's founder didn't make me feel like switching.
Then again, the story involves the founder of ipfilter as well...
Please tell me never to touch a keyboard again if I ever end up like

> I have no experience at all of using pf on FreeBSD, so I do not
> know if the same level of integration and functionality achieved
> on OpenBSD is available under FreeBSD 5.3, but my experience of
> using it on OpenBSD leaves me in no doubt at all of which firewall
> is the best (and it isn't ipf).

Yeah, agreed, pf really makes a cleaner impression. However, I'm not
convinced the integration into FreeBSD is good enough yet. pf should
be run under OpenBSD, which it was designed for, but the concerns
listed above prevent switching m0n0wall to OpenBSD.

- Manuel