"Perhaps due to Oracle's practice of putting beta testers under non-disclosure agreements, or possibly because essentially no tech journalists ever read OpenBSD developer-focused mailing lists, Oracle's PF plans have not generated much attention in the press."<p>Or, perhaps it's because Solaris doesn't matter to anyone anymore.<p>I just spent a week, or so, updating our installer for Solaris, which is the first time I've spent any time on Solaris in a long while. I was surprised by how far behind <i>everything</i> is, and how difficult it is to find people actually doing things with Solaris, anymore.<p>The CSW and spec-files-extra, repositories are all but unmaintained and have been for years, and thus includes packages that are insecure by default. Sun Freeware is now a commercial service, that is expensive enough for me to assume they only have a few hundred users (tops). Installing anything beyond a bare bones AMP stack is an exercise in frustration unlike anything I've ever seen (and I've been messing with UNIX and Linux systems for 20+ years).<p>Solaris 11 currently has outdated everything. The Open Source community that had sprung up around Solaris during the early OpenSolaris years has fled to Illumos-based distributions (or to Linux or the BSDs, I guess; they certainly aren't working on Solaris, anymore), none of which have the resources to even compete with a modern Linux or even the BSDs in terms of number of people working on making it nice, modern, and easy to deploy.<p>In short, Solaris is a wasteland. Oracle seems to just be milking the remaining corporate users until the cash cow falls over dead.
Oct 2014 thread on FreeBSD-based pfSense fork of OpenBSD pf, <a href="https://forum.pfsense.org/index.php?topic=83075.0" rel="nofollow">https://forum.pfsense.org/index.php?topic=83075.0</a><p><i>"2.2 should prove to be significantly more scalable than OpenBSD, since we have SMP-capable pf now, which isn't doable in OpenBSD (and will likely be a number of years until it is). Plus AES-NI, more coming soon. <a href="https://blog.pfsense.org/?p=1473" rel="nofollow">https://blog.pfsense.org/?p=1473</a><p>Bug fixes are brought over into FreeBSD from OpenBSD as needed (sometimes by us, sometimes by others), though FreeBSD pf is essentially a fork at this point since making it SMP-capable changed things significantly. It's mostly separately-maintained at this point."</i>
The blog says:<p><pre><code> possibly because essentially no tech journalists
ever read OpenBSD developer-focused mailing lists,
Oracle's PF plans have not generated much
attention in the press
</code></pre>
But that glosses over the obscurity of the mailing list post. I skim the OpenBSD tech list, and I also overlooked this post. Why? Here's the title:<p><pre><code> pfi_kif leaks for PBR rules
</code></pre>
That doesn't scream "read me" to casual observers, does it?<p>As for support for the "reveal" in the title, the mailing list post goes on to say:<p><pre><code> also for your info: IPF in Solaris is on its
death row. PF in 11.3 release will be available
as optional firewall. We hope to make PF default
(and only firewall) in Solaris 12. You've made
excellent job, your PF is crystal-clear design.
</code></pre>
The IPF packet filter currently in Solaris was originally also in OpenBSD. It was replaced by pf in 2001 after the IPF author started playing games with the copyright.
IIRC, there's work going on in FreeBSD port its multithreading patches up to the latest version of pf. Hopefully the extra resources brought by Solaris using pf will help make that a reality.
Only took some one year for people to notice...<p><a href="http://marc.info/?l=openbsd-tech&m=140335809432589&w=2" rel="nofollow">http://marc.info/?l=openbsd-tech&m=140335809432589&w=2</a>
OpenBSD dev spams us to buy his book, attend his tutorial on pf at BSDcan, and buy OpenBSD CD-ROM sets.<p>Why is this on HN? Why not a link to the original announcement?