A short npf note

NetBSD is using (or will be using?) ‘npf’, a similarly named but completely different firewall from pf.  Hubert Feyrer put together a bunch of links talking about it.  I link this because DragonFly is using a version of pf equivalent to what OpenBSD 4.8 has, and there’s been some discussion of what to do next; it appears FreeBSD and NetBSD are forking off separately from OpenBSD’s version.

Update: npf and pf share 2 letters in the name and nothing else, as Joerg told me – corrected.

3 Replies to “A short npf note”

  1. npf is not a fork, but a complete rewrite with multiprocessing being part of its design from the start. It’s basically how pf would be if it would have been written today.

  2. I think “how pf would be had it been written today” is a bit of a stretch. There are many other aspects of pf besides whether its packet-filtering engine can utilize multiple cores. I don’t believe the OpenBSD pf devs see lack of multicore packet filtering as a big handicap on that platform.

    While running multi-core was a consideration, I suspect the porting effort was one, too, as OpenBSD pf has become more tightly integrated with its kernel.
