NetBSD's itojun has ported PF (the OpenBSD packet filter) to NetBSD-current, available as a patch as of today. He says that it does not presently support the (interface) syntax and that the ip_off/ip_len endian flipping needs testing. His ultimate goal is to replace the IPsec policy engine with PF tagging (just like the ALTQ integration into PF on OpenBSD). Syslogging is supported by pflog(8). He is also unsure whether the goal should be to replace ipfilter or to have PF as an alternative. He says that FreeBSD ships with 2 packet filters (or 3?) and has no problem, hence both could be shipped simultaneously. But ipfilter and PF have very similar syntax, so we could choose to replace ipfilter with PF. itojun is a member of the NetBSD Core Group. Joel Wilsson had also started PF migration efforts, and hopefully itojun and Joel can pool their efforts together as a team!

The link for this article located at FreeBSDForums is no longer available.