I haven't looked in a while, but an update would be nice. When I was looking at it in the last couple years, many things in the networking stack were unchanged since the late 90s/early 2000s, so macos didn't have syn flood protection built in, and while the macos pf had synflood stuff, it only works if the macos host is strictly a firewall, using the syn protection for traffic where macos is an endpoint results in no connectivity.

If they pulled in a more recent pf from either OpenBSD or more current FreeBSD would be welcome. (And you know, a recent tcp stack would be nice too; although they've added in things like MPTCP that they'd need to port forward by 20+ years)

On my mbp, the man page for `pfctl` contains the following:

>HISTORY

> The pfctl program and the packet filter mechanism first appeared in OpenBSD 3.0.

The same is in the current manpage on OpenBSD: <https://man.openbsd.org/pfctl>. The next line is more telling though:

> July 1, 2007

Although I'm running Monterey, so maybe it's updated in more recent versions of MacOS.

Mine doesn't have a date at the bottom, just a macOS version number.

Still 2007 here in macOS Sonoma 14.0

I'm just super surprised it's there at all considering no rules are defined by the OS, and nobody uses it anymore because all the firewall vendors moved over to system extensions.

when I use pfctl on macOS I see apple defined anchors.

edit: never mind, it does