FreeBSD PF updated to 4.5 for FreeBSD 9
As our commercial side has grown to the point where we employ multiple full-time people dedicated to working on the project and related customer needs, we’ve also gotten much more involved in upstream development in FreeBSD. Today Bjoern Zeeb committed PF 4.5 into FreeBSD HEAD for the 9 release (which will be the basis of pfSense 2.1), ported by Ermal Luci with help from Bjoern and Max Laier. Much of this work was funded by us, aside from volunteer efforts from Bjoern and Max, who provided some guidance along the way, with Bjoern especially helping with review and assistance.
4.5 is the last version of PF before the syntax changed in OpenBSD, and the consensus amongst FreeBSD developers was not to break the ruleset of everyone running PF in stock FreeBSD just by doing an OS upgrade, which is why 4.5 was the version of choice.
Where does PF in FreeBSD go from here? We’ve already had discussions on this topic amongst several FreeBSD developers, as well as some of the OpenBSD guys, and have some rough plans in place for the next steps. More information on that will come later.
Thanks to Ermal, Bjoern and Max for getting this done!
June 29th, 2011 at 3:57 pm
[...] Bjoern Zeeb committed PF 4.5 into FreeBSD HEAD for the 9 release (which will be the basis of pfSense 2.1), ported by Ermal Luci with help from Bjoern and Max Laier. Much of this work was funded by pfSense / BSDPerimeter, aside from volunteer efforts from Bjoern and Max providing some guidance along the way and Bjoern especially for review and assistance. (full post: FreeBSD PF updated to 4.5 for FreeBSD 9) [...]
June 29th, 2011 at 3:57 pm
Congratulations; your outstanding work embodies what’s best about open source – community projects with a successful commercial side to it.
June 29th, 2011 at 4:57 pm
As always, good news!
June 29th, 2011 at 6:38 pm
Looking forward to the 4.6 plans! Some really nice changes went into 4.6 and 4.8—so we’d really like to see them come to our favorite firewall appliance (and FreeBSD)…
June 29th, 2011 at 10:44 pm
As a paying customer it makes me even happier with my decision to support such a great project which contributes well beyond just pfSense. Thanks everyone!
July 14th, 2011 at 9:20 am
Hi Everyone,
When will the pfSense 2.1 version be released? Will the pfSense 2.1 version run on FreeBSD 9.0? Is there a roadmap for pfSense 2.1? Does anyone have information?
Thank you.
July 14th, 2011 at 2:56 pm
adem: 2.1 roadmap here http://redmine.pfsense.org/projects/pfsense/versions/5
more info to come. It will be FreeBSD 9.
July 19th, 2011 at 5:53 pm
Why wouldn’t you update to the latest version of PF? Dumb.
July 19th, 2011 at 6:10 pm
bob: That’s explained in the post. OpenBSD was fine with breaking everyone’s rulesets just by upgrading your OS. FreeBSD devs weren’t fine doing that.
July 20th, 2011 at 6:31 am
I see, but it is inevitable that people will want to run a newer version of PF.
July 22nd, 2011 at 11:25 pm
But as a whole most of us would rather have a working system than a broken system. Many of us use pfSense as an edge device and thus breaking said device would take us down. We also may run our production environments utilizing FreeBSD services… also potentially affected by the decision. I am happy for the decision. It is nice to know in advance that such changes will be coming and to have time to change rules in various places ahead of time. Thank you Chris, pfSense and FreeBSD maintainers.
July 23rd, 2011 at 12:40 pm
Just to clarify, that reasoning has no consideration at all with pfSense users, because we would automatically generate the ruleset to the appropriate syntax. It’s only for users of stock FreeBSD who have to manually configure pf.conf. When we’re working on upstream code we have to take the needs of the entire FreeBSD community into consideration, and what’s acceptable to the developer community as a whole.
August 11th, 2011 at 10:57 am
The syntax in PF that is changed is trivial, very trivial. But it opens the gate for more powerful rules. Changing the syntax can be scripted, I have changed over many OpenBSD firewalls and not had problems.
September 15th, 2011 at 3:10 am
I wish you would have used the latest PF version available (4.9), despite the fact that it would have broken some rule sets.
Many performance improvements have been made between 4.5 and 4.9 and we will be missing them in this new release of FreeBSD.
I do not understand/share this decision since eventually I hope the port will go to a revision higher than 4.5 and at that point rule sets will need to be reviewed anyway.
People will be doing the job of porting PF twice, to version 4.5 and eventually to a higher version…. Anyway, thank you a lot for finally porting a newer version of PF to FreeBSD 9.