[RLUG] FreeBSD 6-R + pf
Tim Hammerquist
penryu at penryu.org
Fri Jun 16 09:15:03 PDT 2006

Brandon Mitchell wrote:
> On the "nativity" side of things, pf *is* native in FreeBSD and is
> present in base, as you know. It was simply developed by the OpenBSD
> crew (ala OpenSSL and OpenSSH). If it ran on Linux or another UNIX
> derivative, *then* it would need to be ported to the vastly different
> internals of the new system. Between *BSDs, though, they share so much
> architecturally, calling it a "port" is a bit of a misnomer.

True. I meant "native" more in the anthropological sense of where it
originated, rather than the executable/platform sense.

> Most *BSD users prefer pf for the syntactical legibility that other
> firewall packages (read: ipfw) lack, and the featureset that is
> competitive with most any commercial firewall on the market. I could
> not live without its integration with spamd (also OBSD developed)
> to tarpit spammers based on procmail/SA filters on my mail servers.

On the subject of legibility, this was always a hurdle for me with
iptables. I could manipulate the switches and arguments and such
enough to use the features I wanted, but was always unhappy with this
interface and haven't used it for a packet filter for several years
now. Has anyone found any better way to deal with this?

Tim