Date: Mon, 21 Jul 2014 07:31:01 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <53CCB3A5.2010403@infracaninophile.co.uk> In-Reply-To: <alpine.LRH.2.11.1407201809490.20643@sas1.nber.org> References: <53C706C9.6090506@com.jkkn.dk> <20140718110645.GN87212@FreeBSD.org> <20140718151255.b3e677d9.gerrit.kuehn@aei.mpg.de> <CALfReycHtSi5GXgFZihrTsgDG6wc-ZfkYmQu7AjQmOKdeXntrA@mail.gmail.com> <CAEeRwNV3bJrM5KrGObZtNvSY1mVMW9jz2M4t2m2SSq_vvWmZ5w@mail.gmail.com> <CALfReyfWJd7YOi_Y8Mq=Q-xndLueF7vU5xwc1w_YGyM1a9DQZA@mail.gmail.com> <53CA2D39.6000204@sasktel.net> <CALfReyfkZY1ZDNohP6npRVQfjBK2M6j59R8idUGazr1yJDX3Jg@mail.gmail.com> <20140720123916.GV96250@e-new.0x20.net> <alpine.LRH.2.11.1407201430030.2748@nber7.nber.org> <20140720214629.GF197@home.opsec.eu> <alpine.LRH.2.11.1407201809490.20643@sas1.nber.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HlOfalfeEJcIEv62PV8SoIKkEDIhECGrv Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 20/07/2014 23:26, Daniel Feenberg wrote: > I am not privy to the inner workings of the project, but surely a > decision of this importance would come to the attention of the > core team, who are listed at: >=20 > http://www.freebsd.org/administration.html#t-core Members of the core team are well aware of the discussions around pf -- possibly not the current thread in -questions@..., but certainly discussion on -net@... and other more technical lists. However core is not necessarily the body to decide how pf should be developed in future. Such decisions are usually made by the developers with deep domain knowledge and the time and resources to work on the area. core would only tend to get involved in case there was a dispute between developers that could not otherwise be resolved, or if there were questions of licensing or some problem that would bring the entire project into disrepute. In fact a far more relevant body in this case is the FreeBSD Foundation. As the primary fundrasing arm of the project they would be the people to go to when looking to fund development on something like this. > A port of OpenBSD PF may be quite impractical or undesirable- I have no= > idea. However, if all potential contributions are viewed as criticism t= o > be refuted, it will damage the ability of the project to attract > contributors. Rather than telling a potential contributor that their > efforts will never be included in the official distribution it would be= > more supportive of the project to say that a port of PF would be welcom= e > as a port, but might have difficulty displacing current offering. That > doesn't promise anything, but encourages involvement, if indeed > involvement is desired. Now this -- on the level of how the project encourages or discourages contributions of development work -- is far more the sort of thing core takes an interest in. However the first question will be 'does whatever proposed change stand up technically?' =46rom what I've seen in this thread, there is an expressed desire to resynchronise the syntax used by pf.conf(5) with OpenBSD -- for which there are valid arguments both for and against. However the suggestion that this should be done by re-importing the entire pf code base from OpenBSD has been rebuffed for good reason. Whether it is feasible to update just the pf user interface -- maybe even allow 'old' and 'new' syntax depending on command line options -- is a far more interesting question. Also, do not confuse the responses of one or a small group of FreeBSD developers for the general policy of the project. FreeBSD developers tend to be a self-selected highly technical bunch and not always interested in or practised at dealing with the general public. Stringent criticism is actually a good sign: it means that what is being proposed looks to have potential, but definitely needs work. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matthew@infracaninophile.co.uk --HlOfalfeEJcIEv62PV8SoIKkEDIhECGrv Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTzLOtXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATFKMQAJzYYlGQcr8lTcq5bn48O12h rXb2+RbIEDZsxflwDNWguaD6iNXqEkWyw5XgaWoS+PUu4QC2JFB2MPFlJYrs2SIi QuQoQpDL3QP7AhwH3k/6RQiL3rofhzQFLVndeKf1wGO5NJBzUvcELlVYYAjbj9lz PQiPKfsIPE6GpsCU7DBbLZbsEvLug0NUM+XTf7hP4VK0nRqq6/rbJdfANRJ9h06z OMFbKjWfMzV39MtxL8DTC6ZegiNG1EMkBTiR0qr3GFNc9nRNgrmuo+2zM4rtYJBE Ny8Ci0GhtXebT8k3TdDqpBpWvxO3ZOTnxf38dRHhEtWH1J9Q4JLv3ZmusWW2BdfS ecwio8dZwLSlId3RDx7iOyuPDiBIgInrryiWajYcJQ7Xt5QtZJrPVnxcvMlPFxE8 m6dvMP/xoTyKtkRWSLDoeHFr4c8zMZGEL6ejGR0Iurud6hD5bwemPhMgT9POCvL/ 3JGa1PL33wD7RGq2/x9Qq7rws4BtN90GzXYNR+s1bM60M5CFsZDBsVRrktA6zE2c KWle4miA7NivsSJjicWMo+AT0liglWFWl88uIuYp/lneIpf+fekLen6jCuUVBxHf dVK9SYQpp6g7brMwGmyr2L86ur8306hH7oKot8ltMjlE10fYyAptAeP3gUXddttO xVMaXD4wuLUyKshxPqNQ =4ma9 -----END PGP SIGNATURE----- --HlOfalfeEJcIEv62PV8SoIKkEDIhECGrv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53CCB3A5.2010403>