From: Mohacsi Janos
To: Martin Matuska
Cc: freebsd-pf@freebsd.org
Date: Thu, 27 May 2010 19:32:33 +0200 (CEST)
Subject: Re: Base import proposal: relayd

Dear All,

I would appreciate the fixes in the ports tree first. I have been using relayd for a while on FreeBSD 7 stable. I have a problem with the tcp checking.

Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882

On Thu, 27 May 2010, Martin Matuska wrote:

> Well, what relayd actually provides is level 3 and level 7 reverse proxy
> (with transparency support) and a load-balancer.
>
> We could say that this can be seen as a "frontend to pf", but also as a
> level 7 reverse proxy like varnish or pound. I have experience with all
> of these. The configuration file syntax matches pf.conf(5). People with
> pf(4) skills can benefit from it; for me it was the daemon I was
> searching for for a long time.
>
> Why put it in base? We could provide an out-of-the-box load-balancing
> solution with service availability checking.
> This is indeed very useful when FreeBSD is used as a (load-balancing)
> firewall. In addition, the code is quite small and easy to integrate.
>
> On the other hand, the current port (dating from December 2007) is in a very
> buggy state and I do not recommend using it, as it might easily confuse
> your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
> on exit or segfault on reloading a mistyped configuration file.
>
> As an alternative I would like to maintain the port, I am already trying
> to get in touch with Jun Kuriyama.
>
> Cheers,
> mm
>
> On 27. 5. 2010 15:34, Max Laier wrote:
>> Hello Martin,
>>
>> On Thursday 27 May 2010 13:40:22 Martin Matuska wrote:
>>
>>> Comments and suggestions are welcome.
>>>
>> first off, thank you for your interest in pf - more hands are greatly
>> appreciated!
>>
>> On the $subj, I'm not sure what the added benefit of relayd in base is.
>> Having it in ports makes it easier to pull in new features/releases. The same
>> could be said for (t)ftp-proxy, but it was decided that ftp NAT support is a
>> *basic* function of any firewall and therefore should be in the base system.
>>
>> Can you share your reasons for wanting it in base as opposed to ports?
>>
>> On the nitpicking side of things - from a quick glance: The build of
>> relayd/ctl should probably be conditional on WITHOUT_PF.
>>
>> Thanks,
>> Max