From: britneyfreek
To: Martin Matuska
Cc: freebsd-pf@freebsd.org
Date: Thu, 27 May 2010 16:43:42 +0200
Subject: Re: Base import proposal: relayd
In-Reply-To: <4BFE7B74.4050709@FreeBSD.org>
References: <4BFE5A26.8030301@FreeBSD.org> <201005271534.27006.max@love2party.net> <4BFE7B74.4050709@FreeBSD.org>

hello everyone,

i'm just following this thread but this actually sounds very interesting and useful.
i prefer using freebsd running on key hosts in networks - like you said, firewalls, for example. having such tool ootb would be a worthy addition.

- b

2010/5/27 Martin Matuska:
> Well, what relayd actually provides is level 3 and level 7 reverse proxy
> (with transparency support) and a load-balancer.
>
> We could say that this can be seen as a "frontend to pf", but also as a
> level 7 reverse proxy like varnish or pound. I have experience with all
> of these. The configuration file syntax matches pf.conf(5). People with
> pf(4) skills can take a benefit of it, for me it was the daemon I was
> searching for a long time.
>
> Why putting it in base? We could provide an out-of-the box load-balancing
> solution with service availability checking.
> This is indeed very useful when FreeBSD is used as a (load-balancing)
> firewall. In addition, the code is quite small and easy to integrate.
>
> On the other hand, the current port (dating December 2007) is in a very
> buggy state and I do not recommend using it, as it might easily confuse
> your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
> on exit or segfault on reloading a mistyped configuration file.
>
> As an alternative I would like to maintain the port, I am already trying
> to get in touch with Jun Kuriyama.
>
> Cheers,
> mm
>
> On 27. 5. 2010 15:34, Max Laier wrote:
>> Hello Martin,
>>
>> On Thursday 27 May 2010 13:40:22 Martin Matuska wrote:
>>
>>> Comments and suggestions are welcome.
>>>
>> first off, thank you for your interest in pf - more hands are greatly
>> appreciated!
>>
>> On the $subj, I'm not sure what the added benefit of relayd in base is.
>> Having it in ports makes it easier to pull in new features/releases. The same
>> could be said for (t)ftp-proxy, but it was decided that ftp NAT support is a
>> *basic* function of any firewall and therefore should be in the base system.
>>
>> Can you share your reasons for wanting it in base as opposed to ports?
>>
>> On the nitpicking side of things - from a quick glance: The build of
>> relayd/ctl should probably be conditional on WITHOUT_PF.
>>
>> Thanks,
>>   Max
>>