|
|
|
|
|
|
by gonzo
3333 days ago
|
|
|
Upvote. ipfw has better performance, too. I guess what we need is some lex/yacc work to make a pf.conf syntax work with ipfw. Largest issue is pf is "lastmatch wins" (copied from ipfilter, and a mistake that even Henning admits) and ipfw is “first match wins”. pfSense makes all of rules "quick" to workaround this issue. So without a ton of work, we could get the syntax (via an external package), but the semantics of existing pf.conf would be more difficult. The rest is we would need the equivalent of pfsync. |
|
|