# Versions of PF packet filter on FreeBSD



## Erratus (Apr 25, 2013)

How can the version of PF be retrieved on command line?
Also looking for a list of corresponding PF versions with FreeBSD-RELEASEes.

Any hints? 
(And yes, I tried searchmachines


----------



## cpm@ (Apr 25, 2013)

Just check `% grep -iE '\bpf\b' /usr/src/UPDATING`

PF code version list:

In RELENG_5 - pf is at OpenBSD 3.5
In RELENG_6 - pf is at OpenBSD 3.7
In RELENG_7 - pf is at OpenBSD 4.1
In RELENG_8 - pf is at OpenBSD 4.5


----------



## Erratus (Apr 25, 2013)

Ok, was somehow reluctant to believe that there was no upgrade until RELENG_9.1. Any story behind this?


----------



## cpm@ (Apr 25, 2013)

This thread really explains in detail what is happening with PF and why the OpenBSD version is no longer being ported to FreeBSD. More information in WhatsNew/FreeBSD10.


----------



## Erratus (Apr 26, 2013)

Argh! Made up my mind to learn PF.
Now had to read this: 





> >From my point of view the state of pf in FreeBSD is (was) a dead end. We don't
> modify it, since it isn't ours, but we hope that new bulk import would fix problems.



In terms of investing time: Should I reconsider PF or go with other packet filter?


----------



## wblock@ (Apr 26, 2013)

Don't mistake opinion for policy.  PF is one to the two well-supported firewalls in FreeBSD, the other being IPFW.


----------



## Erratus (Apr 26, 2013)

I'm aware the quote is opinion. And I know, the "other" packet filter is IPFW.

Please correct me if I got it wrong. PF ist stuck on FreeBSD because improvements of performance over OpenBSD's PF - on a version that is behind OpenBSB. 

For me it sums up as a risk that I might end up changing the firewalls or even the OS in future.

I'd like to ask the FreeBSD porters/developers if they kindly join the OpenBSD PF-team for resolving the issue?


----------



## cpm@ (Apr 26, 2013)

I totally agree with @wblock's argument 

Personally, I prefer pf(4) considering that is part of this great family FreeBSD, OpenBSD, NetBSD, and DragonFly BSD.

However, I recommend you read this benchmarking test regarding IPFW/PF performance:
http://lists.freebsd.org/pipermail/freebsd-current/2013-April/041323.html.


----------



## wblock@ (Apr 26, 2013)

There's always a risk you might have to change firewalls at some point.  It's not a lifelong commitment.  Eventually, something will happen.  It might be that FreeBSD re-imports the newer version of PF from OpenBSD, eliminating any local changes.  Or maybe FreeBSD's changes will go upstream.  Possibly some of both.  Neither is likely to happen soon.


----------



## johnblue (Apr 26, 2013)

cpu82 said:
			
		

> This thread really explains in detail what is happening with PF and why the OpenBSD version is no longer being ported to FreeBSD.


It is threads like those that make me wish I was a sysadmin/programmer.  I would like to be able to jump in an help solve some problems, but I have no delusions when it comes to programming; maybe someday.

:e



			
				Erratus said:
			
		

> In terms of investing time: Should I reconsider PF or go with other packet filter?



I would not reconsider if you have already chosen.  If you are like me, I looked at both and PF made more "sense" to me.  However, if you are struggling with PF do not limit yourself when other options are available.


----------



## cpm@ (Apr 26, 2013)

johnblue said:
			
		

> It is threads like those that make me wish I was a sysadmin/programmer.  I would like to be able to jump in an help solve some problems, but I have no delusions when it comes to programming; maybe someday.
> 
> :e



The first thing you need is motivation: depends on what you are willing to learn. Trying to be in active communities will help you to be inspired by them.  Remember that, if nothing else, you are a problem solver. Look for things that need solving and try to read about it, and/or apply yourself to solve the problem.

I recommend you to read, if you have not done yet, "The Psychology of Computer Programming" by Gerald M. Weinberg. IMHO is very helpful


----------



## m_pahlevanzadeh (Jul 23, 2013)

cpu82 said:
			
		

> Just check `% grep -iE '\bpf\b' /usr/src/UPDATING`
> 
> PF code version list:
> 
> ...



It's wrong, If you used 

```
portsnap
```
and your src tree older than your Port three, your 
	
	



```
grep
```
 doesn't result for always.It's sometimes ok and it's not ok.


----------



## wblock@ (Jul 23, 2013)

pf(4) is part of the base system, not ports.


----------



## cpm@ (Jul 23, 2013)

To check latest version code announced about pf(4)() on system:

```
[CMD]% grep -iE '\bpf\b' /usr/src/UPDATING[/CMD]
	The packet filter (pf) code has been updated to OpenBSD 4.5.
```

Besides what @wblock@ told above, the /usr/src/UPDATING is updated as part of the source with svn(1)().


----------



## m_pahlevanzadeh (Jul 24, 2013)

wblock@ said:
			
		

> pf(4) is part of the base system, not ports.



Thank you.


----------



## m_pahlevanzadeh (Mar 24, 2016)

Erratus said:


> I'm aware the quote is opinion. And I know, the "other" packet filter is IPFW.
> 
> Please correct me if I got it wrong. PF ist stuck on FreeBSD because improvements of performance over OpenBSD's PF - on a version that is behind OpenBSB.
> 
> ...


If you have any question about Firewalls between PF, ipfw or other on BSD, You can read benchmarks of http://bsdrp.net/documentation/technical_docs/performance?s[]=pf&s[]=ipfw


----------

