Re: Future of pf / firewall in FreeBSD ? - does it have one ?

From: Baptiste Daroussin <bapt_at_FreeBSD.org>
Date: Sun, 20 Jul 2014 16:31:41 +0200
On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels <lars.engels_at_0x20.net> wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is a bad thing. It confuses people,
> >> which puts them off. Its a classic case of divide an conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supported
> >> linux thing as well, so the world could be rid of iptables. However i guess
> >> thats just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
> 
> Gleb believes that the majority of FreeBSD users don't want the
> updated syntax, among other changes, from the more recent pf versions.
> Developers who share his opinion are not going to volunteer to do the
> work. This discussion is about showing this belief to be wrong, which
> is the first step in the process.
> 
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latter has to be done
> upstream, otherwise it'll always be a story of diverging codebases.
> Furthermore, if FreeBSD developers were willing to spend some time
> improving pf performance on OpenBSD, then Henning and other OpenBSD
> developers might be more receptive to changes that make the porting
> process easier.

smp is not the only change we did, if you forget about it you will also get into
other co plication to sync from openbsd

Bapt

Received on Sun Jul 20 2014 - 12:31:47 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:50 UTC