From owner-freebsd-pf@FreeBSD.ORG Tue Nov 20 08:07:35 2012 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 5C4B6CEF; Tue, 20 Nov 2012 08:07:35 +0000 (UTC) (envelope-from sodynet1@gmail.com) Received: from mail-oa0-f54.google.com (mail-oa0-f54.google.com [209.85.219.54]) by mx1.freebsd.org (Postfix) with ESMTP id E50BC8FC13; Tue, 20 Nov 2012 08:07:34 +0000 (UTC) Received: by mail-oa0-f54.google.com with SMTP id n9so7232515oag.13 for ; Tue, 20 Nov 2012 00:07:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5xYsDBNfprND9ZkJCnn819pMKmtcu8izONyjcgCjICU=; b=NnnqD+nhfyGwZfX0Dj7/JQUXOxCrn00jyXJdwIzJC9OM2MYpCzsbYF2Kxm5hoNvY9O +0xGwr3LpGt9pyFuDyIWd3wqbi5hFSyYGuUaf6A9T+Vg8plBJXc9Zx4yW0jhd8HFBA/O MQz6z4cP/4715ZIH1/4DodvA+eG+IOmX7C6jBJIMbW1dmgoTy9+97u+dLtYjFBz2H+bM g7IpOP8Alw/v5j5fRt6Ju9QRjKBxoIgh1Jsk7x89rIPmyGQbYRy+fVRQHsS8XJmrA2OZ JO02Vqk/dTiJLYbdwgNvZAFHwu4cPubqr3CjdpMa6nG1QrO7UmhNQaypCaLcSM/wDqDC Y1pQ== MIME-Version: 1.0 Received: by 10.182.127.102 with SMTP id nf6mr13045939obb.14.1353398854298; Tue, 20 Nov 2012 00:07:34 -0800 (PST) Received: by 10.182.97.162 with HTTP; Tue, 20 Nov 2012 00:07:34 -0800 (PST) In-Reply-To: References: Date: Tue, 20 Nov 2012 10:07:34 +0200 Message-ID: Subject: Re: Upgrading FreeBSD to use the NEW pf syntax. From: Sami Halabi To: =?ISO-8859-1?Q?Ermal_Lu=E7i?= , Gleb Smirnoff Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: Paul Webster , "freebsd-pf@freebsd.org" X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 20 Nov 2012 08:07:35 -0000 Hi, This was actually discussed much before, as I read it would make some issues with the new pf-smp work done by gleb. Sami On Tue, Nov 20, 2012 at 9:55 AM, Ermal Lu=E7i wrote: > On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington >wrote: > > > On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster < > > paul.g.webster@googlemail.com > > > wrote: > > > > > Good day all, > > > > > > I am aware this is a much discussed subject since the upgrade of PF, = I > > > believe the final decision was that to many users are used to the old > > > style pf and an upgrade to the new syntax would cause to much > confusion. > > > > > > There was a recent debate on ##freebsd about this issue and I was > > inclined > > > to mail in and get your opinions; basically it boiled down to the > > majority > > > of users wanting either: > > > > > > 1) To move to the newer pf and just add to releases notes what had > > > happened, > > > and > > > 2) my own personal opinion: creating 'pf2-*' as a kernel option tree, > > > basically using the newer pf syntax and allowing users to choose. > > > > > > I would be interested to know the feedback from you guys as to be > honest > > > there seems to be quite a few users who actually DO want the new styl= e > > > format and functionality that comes with. > > > > > > I Attached the log of the conversation just for reference. > > > > > > > > It's been difficult enough to maintain PF on FreeBSD because of the tim= e > > needed to be invested in the FreeBSD port. > > This situation remains to date, from what I understand. I guess someone > can > > look at how many bugs/feature requests still remain open for PF on > FreeBSD. > > > > I therefore feel that whoever wants to run PF should use a dedicated > > OpenBSD box as a firewall/whatever they use PF for. > > There is really no point trying to make FreeBSD be OpenBSD when it come= s > to > > such requirements. Look at the advantages of "separation of power" - gi= ve > > to OpenBSD the fireallpower and FreeBSD the serverpower. > > > > In keeping with the K.I.S.S principle, please let anyone needing new PF > > syntax just use OpenBSD. > > > > My humble opinion. > > -- > > Best regards, > > Odhiambo WASHINGTON, > > Nairobi,KE > > +254733744121/+254722743223 > > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > > I can't hear you -- I'm using the scrambler. > > _______________________________________________ > > freebsd-pf@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > > > The truth is that you can add a shim layer between the old syntax to new > syntax and maintain the new 'locking' present in 10.x branch. > > Maybe it would be worth to send a project proposal to the FreeBSD > Foundation about this, > but i do not know how keen they are to support through funding this. > > When the locking was changed there were a discussion about keeping both o= f > the versions but it was just thrown to the trash by the guy doing > the new 'locking'. > > Probably it has to be asked to the foundation how keen they are to suppor= t > this development to have things upgraded. > > -- > Ermal > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --=20 Sami Halabi Information Systems Engineer NMS Projects Expert FreeBSD SysAdmin Expert