http://www.deadly.org/article.php3?sid=20030325141427

awesome.

Very cool. Its like going backwards having to do any packet filtering or nat on FreeBSD without pf. I've gotten used to it really quickly since most of the time I'm on OpenBSD for those kinds of functions.

Cool stuff.

{K}

This will definately come in handy for sure.

whats the overall diffrences between pf, ipf, ipfw

i use both ipf and ipfw but currious about pf

Well... that's not exactly an easy question to answer on a detailed level but let's just say pf is the shit! It's more functional and dynamic, supports macros for variable expansion for cleaner rulesets, traffic normalization, has nice added features (altq among others... which BTW is not yet ported in the FBSD) and it's tight, tight, tight!!!!

See here for more:

http://www.benzedrine.cx/pf.html
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

And:

http://www.openbsd.org/faq/faq6.html#6.2

pf is the bomb. I'd have to agree with Krusty, it does seem like going backwards when you use something besides pf. It has come a long ways in a short time.

When I first started using it, nat and pf were in different config files. Later they merged the configs and it was much nicer to setup. I downloaded a snapshot recently and see they merged altq in there too. It just gets better all the time.

I hope they get altq over to FreeBSD too. You can do most of the same things with dummynet but not quite all. I think this is good for everyone. The more cross-pollination there is, the better we all will be.

any1 know if there are plans to port it over to 4x releases?

update on pf in fbsd

http://www.freebsdforums.org/forums/showthread.php?threadid=9122