From: Daniel Hartmeier
To: Sten Daniel Sørsdal
Cc: freebsd-pf@freebsd.org
Date: Fri, 1 Dec 2006 07:34:57 +0100
Subject: Re: PF-NAT

On Fri, Dec 01, 2006 at 12:25:13AM +0100, Sten Daniel Sørsdal wrote:

> Just about any cheap home firewall can do it these days, I
> wonder why the open source community is reluctant to take advantage.

The "if a $50 commercial box can do it, why can't pf?" argument pops up every now and then, maybe the answer is not obvious and deserves an explanation.

The vendor of the $50 commercial box is working on economical principles. There is a certain cost of implementing the feature, they have to dispatch one of their developers for a certain amount of hours to implement it. Since they are selling a large number of boxes, the cost increases the price of each individual box only slightly. Whether the particular developer is interested in implementing the feature is not relevant. He/she gets paid to do it.

In exchange, the vendor gains some advantage over the competition in the market. Or, put the other way, if they wouldn't implement the feature, they'd be at a disadvantage against the competition. So the cost of implementation is compensated by increased sales and profit.

The vendor will do this calculation. You can be sure that if the expected increase in profit isn't higher than the cost, the vendor will not implement the feature, no matter how much the consumers demand it.

That's how a commercial vendor works. That has nothing to do with how "the open source community" works.

Open source is not a producer/consumer model, where the open source developers are the producers and the users the consumers, and the producers fight over market share to increase financial profit.

The community works like this: if a feature is highly desired by a significant portion of the population, eventually one of those people will have the skills and time to implement it. He/she will then share the result with everyone else.

Conversely, if a feature isn't ever implemented like that, you can conclude that it wasn't desired highly enough by a significant enough portion of the population.

If you don't agree, prove me wrong, by implementing the feature ;)

Daniel