From: Maxim Khitrov
Date: Sun, 20 Jul 2014 10:15:36 -0400
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
To: FreeBSD Mailing List, freebsd-current@freebsd.org

On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels wrote:
> On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
>> all of that is true, but you are missing the point. Having two versions of
>> pf on the bsd's at the user level, is a bad thing. It confuses people,
>> which puts them off. It's a classic case of divide and conquer for other
>> platforms. I really like the idea of the openpf version, that has been
>> mentioned in this thread. It would be awesome if it ended up as a supported
>> linux thing as well, so the world could be rid of iptables. However I guess
>> that's just an unrealistic dream
>
> And you don't seem to get the point that _someone_ has to do the work.
> No one has stepped up so far, so nothing is going to change.

Gleb believes that the majority of FreeBSD users don't want the updated syntax, among other changes, from the more recent pf versions. Developers who share his opinion are not going to volunteer to do the work. This discussion is about showing this belief to be wrong, which is the first step in the process.

In my opinion, the way forward is to forget (at least temporarily) the SMP changes, bring pf in sync with OpenBSD, put a policy in place to follow their releases as closely as possible, and then try to reintroduce all the SMP work. I think the latter has to be done upstream, otherwise it'll always be a story of diverging codebases.
Furthermore, if FreeBSD developers were willing to spend some time improving pf performance on OpenBSD, then Henning and other OpenBSD developers might be more receptive to changes that make the porting process easier.