FreeBSD packet filter (pf)

PF logo FreeBSD logo

This is the homepage of the FreeBSD packet filter (pf) ported by Pyun YongHyeon <yongari@kt-is.co.kr> and Max Laier <mlaier@freebsd.org> derived from OpenBSD.

Status

The port is part of the base system of FreeBSD 5.X as of March, 8th 2004.

Due to ABI changes, version updates only happen in HEAD usually a few weeks after a new OpenBSD release. Bugfixes and erratas are imported regularly and MFCed to all supported RELENG branches.

ALTQ was imported into the FreeBSD -CURRENT branch as of of June 12th 2004 and will be part of the upcomming FreeBSD 5.3.

History

This port was started by Pyun YongHyeon with the following post on deadly. Since it generated a lot of interest we started this project pf4freebsd and created a FreeBSD port. Many people provided help along the way, most noteable Daniel Hartmeier - the original author of pf at OpenBSD. Shortly after FreeBSD 5.2.1 was released, we were invited to merge our port into the FreeBSD base system, were it is maintained now. Currently Daniel Hartmeier and Max Laier take care of it and will try to keep it in sync with OpenBSD-STABLE. We will also try to merge other relaiability fixes from OpenBSD-CURRENT, which do not make -STABLE in OpenBSD due to pocily. In addition we will try to provide FreeBSD specific modifications e.g. per-jail rules. The plan is to follow OpenBSD's lead as we see this project as a port not a forge, but still to allow FreeBSD users and developers to use pf's power in the ways FreeBSD demands/allows.

If you have general ideas to improve pf or for additional features, we encourage you to bring them to OpenBSD first. It's okay however to provide us with your FreeBSD patches.

Resources:

Changes:

Since the import was done, changes are available via the FreeBSD cvsweb interface.

For security relevant changes see the OpenBSD-STABLE errata page. We usually manage to sync changes from there with a delta less than 1 day and the OpenBSD security officers provide us with a pre-release HEADSUP for critical patches.

Anouncements of critical updates and imports of a new OpenBSD version will be posted to the freebsd-pf mailing list.

TODO/Help

If you run into anything unexcepted, please take the time to tell us about it. Provide as much detail as possible, but even an uncomplete report is better than no report at all! Submit report to one of: freebsd-pf mailing list, Max Laier <mlaier@freebsd.org>, or submit a FreeBSD bug rapport (PR). If you use the latter, please CC Max Laier, so that he can take care of it.

If you are interested in testing the latest pf-features on your FreeBSD-CURRENT box, you should take a look at http://people.freebsd.org/~mlaier/ from time to time and subscribe to the freebsd-pf mailing list were new patches and updates will be announced.

For the patches on http://people.freebsd.org/~mlaier/ we are interested in sucess stories as well. If you were able to boot/run/use it on your setup, please file a short report about your test-setup to either the FreeBSD PF Mailing list or Max Laier directly. If you have problems with the patches, you can ask on the FreeBSD PF Mailing list or send a mail to Max Laier. Please do not submit a FreeBSD bug rapport (PR) for this.