From: Max Laier
To: stheg olloydson
Cc: freebsd-pf@freebsd.org
Date: Mon, 18 Oct 2004 13:53:16 +0200
Subject: Re: Plans for 6-CURRENT and 5-STABLE
List-Id: Technical discussion and general questions about packet filter (pf)

On Monday 18 October 2004 06:31, stheg olloydson wrote:
> it was said by Max Laier on 17.10.04:
> >There are some FreeBSD specific things that need improvement and clean
> >up. This is the first task that I will work on in 6-CURRENT starting
> >from now.
> >
> >Most prominently this includes the interface handling. There are some
> >open problems to be addressed, such as the inability to recognize
> >renamed interfaces as well as problems around 6to4.
>
> Does this include improvements in bridging? I saw your comments in a
> reply to this list 15.10.04. on this issue that vast improvements to
> FBSD's bridging support are needed to enable use of all of pf's
> features. While I am not using bridging now, I will need to set it up
> in six months or so.

No. Bridging is a completely different story. I'd welcome an import of
if_bridge from Net/OpenBSD, but I will not have time to pursue this. There
was an effort to do so, but - unfortunately - I lost track of it. People
interested should find it in the -current or -net archives.

> >Another big thing on the plate now, is a shared/exclusive lock semantic for
> >the ruleset evaluation. This will not only speed things up by quite a bit,
> >but will also resolve the requirement to run with mpsafenet=0 if one wants
> >to use user/group based filter rules.
>
> How badly does this impact now? This is a feature I have been looking
> forward to using.

Largely depends on your workload, hardware and so forth. If you have - for
example - a fairly heavily loaded MySQL on a 4way Xeon box, you'd want to run
with mpsafenet=1 (and hence avoid using user/group rules). On a UP box it
should not matter.

> >All these projects will be merged into 5-STABLE once they have proven in
> >HEAD.
>
> Will they be merged to 5-RELEASE, as well? I prefer not to track
> STABLE.

There is no such thing as 5-RELEASE. RELENG_5_3 (which you might be confusing
here) is solely for merging security fixes. All other changes go to RELENG_5
(aka 5-STABLE) and become part of the *next* release.

> > Thanks for reading so far, please let me know your thoughts, concerns and
> > questions.
>
> You're welcome. And thank you for your efforts in bringing pf over from
> OpenBSD! One final question: Considering the inevitable loss of sync
> with the OBSD version, is separate FreeBSD-centric documentation
> planned? I ask because currently all docs are done by OBSD people, as
> far as I can tell. (I'd be willing to try my hand at this if someone
> doesn't mind my asking a lot of questions.)

The firewall chapter of the Handbook is being revised to give some information
about PF as well. This will link to the OpenBSD PF-FAQ - an extraordinary
piece of documentation - for now. Depending on "how bad" we diverge from
OpenBSD we will either maintain our own version of the FAQ or (more likely)
describe the "delta" between Open- and FreeBSD's PF in the handbook's
firewall chapter and continue to reference the FAQ. At the moment the
difference between OpenBSD 3.5 PF and FreeBSD 5.3 PF is negligible.

But of course, you are more than welcome to read the existing documentation,
to identify problems and differences and eventually provide solutions. Asking
questions is not a problem either.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News