
Well, pfsync is only for FreeBSD pf. If you use Linux instead, then you'll be using iptables + conntrackd.

They're both powerful systems with a different way of thinking about the idea of packet filtering and mangling!




(pf is actually taken from OpenBSD and ported to FreeBSD every few release cycles, so pf/pfsync/carp is an OpenBSD-ism made available to others by the generosity of using the BSD license.)


The PF that is currently in 9.1 is a few releases behind OpenBSD and will most likely stay that way because of major changes. In FreeBSD, PF is now fully multi-core aware and thus granularly locked, providing a lot of extra performance. This does mean that importing the latest changes from OBSD into FBSD is going to be more difficult!


Interesting, didn't know that! How do the multi-core abilities of PF compare to how Linux handles iptables (interrupt handling, which multi-core depends on your kernel supporting it)?


I don't know. I don't use iptables. The last time I deployed Linux was for an Android Continuous Integration server, since the SDK won't run on the BSDs.



