From: Max Laier
Organization: FreeBSD
To: Martin Matuska
Cc: freebsd-pf@freebsd.org
Date: Thu, 27 May 2010 16:57:05 +0200
Subject: Re: Base import proposal: relayd
Message-Id: <201005271657.05617.max@love2party.net>
In-Reply-To: <4BFE7B74.4050709@FreeBSD.org>
References: <4BFE5A26.8030301@FreeBSD.org> <201005271534.27006.max@love2party.net> <4BFE7B74.4050709@FreeBSD.org>

On Thursday 27 May 2010 16:02:28 Martin Matuska wrote:
> Well, what relayd actually provides is level 3 and level 7 reverse proxy
> (with transparency support) and a load-balancer.
>
> We could say that this can be seen as a "frontend to pf", but also as a
> level 7 reverse proxy like varnish or pound. I have experience with all
> of these. The configuration file syntax matches pf.conf(5). People with
> pf(4) skills can take a benefit of it, for me it was the daemon I was
> searching for a long time.
>
> Why putting it in base? We could provide an out-of-the box load-balancing
> solution with service availability checking.
> This is indeed very useful when FreeBSD is used as a (load-balancing)
> firewall. In addition, the code is quite small and easy to integrate.
>
> On the other hand, the current port (dating December 2007) is in a very
> buggy state and I do not recommend using it, as it might easily confuse
> your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
> on exit or segfault on reloading a mistyped configuration file.
>
> As an alternative I would like to maintain the port, I am already trying
> to get in touch with Jun Kuriyama.

I don't mean to stop you ... it's just my opinion that a port is easier
kept up-to-date and the more convenient choice for most users. I wasn't
aware that the current port has issues, I don't use relayd. In any case,
please go ahead with whichever solution you find the most convenient and
let me know if you need any help.

If you decide to go for the base import, you might want to bring it up on
net@ - as I'm sure the people on there will have an opinion and it's always
a good idea to have the discussion before the commit.

Thanks,
Max