From: Chris Buechler
Date: Thu, 13 Jan 2011 22:33:52 -0500
To: The Anarcat, harold barker
Cc: freebsd-pf@freebsd.org
Subject: Re: long term maintenance of pf in FreeBSD (AKA where's pf 4.7?)
In-Reply-To: <20110113055136.GU24439@anarcat.ath.cx>

On Thu, Jan 13, 2011 at 12:51 AM, The Anarcat wrote:
> Hi!
>
> I have dug into the archive after reading in the handbook that pf is
> stuck at OpenBSD's 4.1 version, which is now quite old (May 2007).
>
> I have found this thread mentioning testing required for a patch:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html
>
> ... it then seemed the patch had some issues:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005860.html
>
> Others have raised a similar issue about backporting 4.7 into FreeBSD:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005862.html
>
> For context, OpenBSD 4.7 (May 2010) is the last significant release
> including changes in pf:
>

The first post in the above thread says why the next import into FreeBSD will be 4.5; breaking your ruleset by upgrading your OS is being avoided for now.

> So my question is: what's the plan? Is anybody actively maintaining pf
> in FreeBSD at this point?
>

It's a lot of work; Max, who did the original port, hasn't had time to maintain it, but Ermal Luci is picking up maintainership. The plan discussed at the FreeBSD dev summit at EuroBSDCon last year is that the 4.5 PF will be imported for FreeBSD 9, and from there options will be considered for the path forward.

> PS: I ask because we're considering switching our routers from OpenBSD
> to FreeBSD to ease maintenance (yay freebsd-update) but the outdated pf
> version is a serious hindrance as we're looking at using the new
> 'sloppy' state tracking mechanisms
>

Note there is a patch to add sloppy state tracking to FreeBSD 8.1; pfSense uses it, and you can find the patches in the tools repo at rcs.pfsense.org.
Of course using a kernel patch rules out using freebsd-update though.

On Thu, Jan 13, 2011 at 11:44 AM, harold barker wrote:
>
> I like and use PF on FreeBSD. I would greatly appreciate someone
> committing to more than a wham bam thank you madam port. I am willing
> to put some money in the pot.

Ermal will be putting more time in it early this year; he makes a living working on pfSense, as well as the rest of our staff who make a living on the project helping with testing and related things. Though part of that depends on us having funding available to cover salaries for the time put into projects and at this point we don't have anyone looking to fund that time. We cut as good of a deal as we can on open source work, just covering our own costs, and probably losing money on this one as we're going to make it happen regardless as long as we don't have to take too big of a hit on it. We're consumed with other projects at this instant but will be looking at this again soon.

Chris