From: grarpamp
Date: Sat, 28 Nov 2020 22:48:02 -0500
Subject: Re: firewall choice
To: freebsd-current@freebsd.org
In-Reply-To: <202011280626.0AS6QAbC032721@slippy.cwsent.com>
List-Id: Discussions about the use of FreeBSD-current

> in reaction to the license

Yes, license matters, and woe the history.

> It's hardly deprecated in NetBSD. Christos Zoulas and I have exchanged a
> fair bit of code.
>
> Darren Reed released and maintained IPF through the Australian National
> University. NetBSD imported it, like we do here at FreeBSD, into their src
> tree.

Past tense. Upstream appears dead, for years.

http://netbsd.org/docs/
search: deprecat

ipf (and pf) is deprecated in NetBSD in favor of npf,
various NetBSD docs, manpages, etc say this in different
places and ways, ultimately imparting in sum the shift to npf.
NPF seems the forward looking ongoing concern filter in NetBSD.

DR hasn't cut an ipf release since 5.1.2 almost a decade ago,
and all the project release websites lists for ipf appear gone.
And it's been hampered by license problems, just like
xf86, qmail, bsd, nprobe, zfs, etc. There are cases of
too much history weighing opensource projects.

Distributed maintenance and exchange is certainly cool,
but ipf diffs exist, and users should perhaps not view that
model as a formal cross platform ongoing project such as
they may be accustomed to.

That actually gives rise to what a brand new clean slate startup
2-clause fully featured cross platform packet filter of the future
might look like, for at least the BSD's (maybe working on Linux too).
But that's a separate conversation.

So for now, the BSD's (and Linux) really enjoy a mashup of filters
where none have really made it cross platform and in sync yet.
Perhaps a broad scope wiki comparison would show that, and
end up pointing out the interesting opportunity therein.