From: Maxim Khitrov
Date: Sun, 20 Jul 2014 10:15:36 -0400
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
To: FreeBSD Mailing List, freebsd-current@freebsd.org

On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels wrote:
> On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
>> all of that is true, but you are missing the point. Having two versions of
>> pf on the bsd's at the user level, is a bad thing. It confuses people,
>> which puts them off. It's a classic case of divide and conquer for other
>> platforms. I really like the idea of the openpf version, that has been
>> mentioned in this thread. It would be awesome if it ended up as a supported
>> linux thing as well, so the world could be rid of iptables. However I guess
>> that's just an unrealistic dream
>
> And you don't seem to get the point that _someone_ has to do the work.
> No one has stepped up so far, so nothing is going to change.

Gleb believes that the majority of FreeBSD users don't want the updated
syntax, among other changes, from the more recent pf versions.
Developers who share his opinion are not going to volunteer to do the
work. This discussion is about showing this belief to be wrong, which
is the first step in the process.

In my opinion, the way forward is to forget (at least temporarily) the
SMP changes, bring pf in sync with OpenBSD, put a policy in place to
follow their releases as closely as possible, and then try to
reintroduce all the SMP work. I think the latter has to be done
upstream, otherwise it'll always be a story of diverging codebases.
Furthermore, if FreeBSD developers were willing to spend some time improving pf performance on OpenBSD, then Henning and other OpenBSD developers might be more receptive to changes that make the porting process easier.