Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

  Compared to working with iptables, PF is like this haiku:

  A breath of fresh air,
  floating on white rose petals,
  eating strawberries.

  Now I'm getting carried away:

  Hartmeier codes now,
  Henning knows not why it fails,
  fails only for n00b.

  Tables load my lists,
  tarpit for the asshole spammer,
  death to his mail store.

  CARP due to Cisco,
  redundant blessed packets,
  licensed free for me.
(From https://marc.info/?l=openbsd-pf&m=108507584013046&w=2 )

Nftables has improved the situation on Linux somewhat, but PF is incredibly intuitive and powerful. A league of its own when it comes to firewalling.



Nftables is alright IME

reply


Has there ever been an effort to port PF over to linux, or to create an adaption layer that makes things compatible?

reply


pf has been ported to Debian/kFreeBSD, but afaik no effort has been made to port it to the Linux kernel. A lot of networking gear already runs a BSD kernel, so my guess is the really high-level network devs don't bother because they already know BSD so well.

reply


Uhh... no idea but yea. Its that much better that it deserves a poem.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: