From owner-freebsd-pf@FreeBSD.ORG Sun Dec 7 10:56:59 2014 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 25AD1388 for ; Sun, 7 Dec 2014 10:56:59 +0000 (UTC) Received: from nskntmtas06p.mx.bigpond.com (nskntmtas06p.mx.bigpond.com [61.9.168.152]) by mx1.freebsd.org (Postfix) with ESMTP id B672D12D for ; Sun, 7 Dec 2014 10:56:58 +0000 (UTC) Received: from nskntcmgw08p ([61.9.169.168]) by nskntmtas06p.mx.bigpond.com with ESMTP id <20141207105656.VQCW7536.nskntmtas06p.mx.bigpond.com@nskntcmgw08p>; Sun, 7 Dec 2014 10:56:56 +0000 Received: from hermes.heuristicsystems.com.au ([58.173.108.194]) by nskntcmgw08p with BigPond Outbound id Qawv1p00R4BhPve01awvKa; Sun, 07 Dec 2014 10:56:56 +0000 X-Authority-Analysis: v=2.0 cv=D6DF24tj c=1 sm=1 a=4+whva0L5pAyL5dznpY5+Q==:17 a=lcq_WjttSJ0A:10 a=N659UExz7-8A:10 a=GHIR_BbyAAAA:8 a=A92cGCtB03wA:10 a=6I5d2MoRAAAA:8 a=3tcz3bTJAAAA:8 a=mtxm2xT171OXkqf2SW0A:9 a=pILNOxqGKmIA:10 a=4+whva0L5pAyL5dznpY5+Q==:117 Received: from [10.0.5.3] (ewsw01.hs [10.0.5.3]) (authenticated bits=0) by hermes.heuristicsystems.com.au (8.14.5/8.13.6) with ESMTP id sB7Au1g7078415 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Sun, 7 Dec 2014 21:56:04 +1100 (EST) (envelope-from dewayne.geraghty@heuristicsystems.com.au) Message-ID: <54843241.1070908@heuristicsystems.com.au> Date: Sun, 07 Dec 2014 21:56:01 +1100 From: Dewayne Geraghty User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: Martin Hanson , freebsd-pf@freebsd.org Subject: Re: FOLLOW-UP References: <363021417833295@web21g.yandex.ru> In-Reply-To: <363021417833295@web21g.yandex.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Dec 2014 10:56:59 -0000 On 6/12/2014 1:34 PM, Martin Hanson wrote: > Okay, this part "Has any important bugs been fixed in PF on OpenBSD > since the current port in FreeBSD that actually makes the current PF in > FreeBSD "dangerous" to run with?" was actually a really stupid question! > > The.. > > http://svnweb.freebsd.org/base/vendor-sys/pf/4.5.002/?view=log > > .. shows that the last import was for tag 4.5.002 5 years and 3 month > ago! > > Going back to that time in the OpenBSD CVS log and then scrolling up > until present day shows quite a bunch of REALLY important fixes! I am > NOT talking about the changes made by the OpenBSD guys, just bug and > error fixes! > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c > > Problems that can cause kernel crashes, fixes for PF crashing faults, > out-of-memory errors, leak of states, and a whole lot of other > important stuff. > > Nobody in their right mind would run the current version of PF on > FreeBSD! > > I am sorry, but how can someone be so stupid as to get a whole bunch of > new features into a product that seriously needs upgrading first!? > > Whats going on FreeBSD? You used to be all about quality, now you're > all about "bleeding edge features" and don't give a s*** about the rest? > > Linux can get away with that crap ONLY because such a huge bunch of > people and organisations are running and supporting it, they have a LOT > of people developing stuff and fixing stuff really quick, FreeBSD > haven't got that user base! > > It needs to be about quality over features! Like in the good old 4.x > and 5.x days! > > Martin > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > Martin, I'm new to the pf list, as I'm looking to transition from ipfw to pf. I wonder if your comparison might be better placed between http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c and the goodies under https://svnweb.freebsd.org/base/head/sys/netpfil/pf/ rather than https://svnweb.freebsd.org/base/vendor-sys/pf/ I don't know if the latter has any relevance? Regards, Dewayne -- For the talkers: “The superior man acts before he speaks, and afterwards speaks according to his action.” For everyone else: “Life is really simple, but we insist on making it complicated.”