Date: Sun, 20 Jul 2014 16:31:41 +0200
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: Maxim Khitrov <max@mxcrypt.com>
Cc: freebsd-current@freebsd.org, FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <20140720143140.GF26778@ivaldir.etoilebsd.net>
In-Reply-To: <CAJcQMWe9=3PvOhfT8N-78N04A0u3OvkjOd-HPCiBUcJFZZb0-g@mail.gmail.com>
References: <53C706C9.6090506@com.jkkn.dk>
 <20140718110645.GN87212@FreeBSD.org>
 <20140718151255.b3e677d9.gerrit.kuehn@aei.mpg.de>
 <CALfReycHtSi5GXgFZihrTsgDG6wc-ZfkYmQu7AjQmOKdeXntrA@mail.gmail.com>
 <CAEeRwNV3bJrM5KrGObZtNvSY1mVMW9jz2M4t2m2SSq_vvWmZ5w@mail.gmail.com>
 <CALfReyfWJd7YOi_Y8Mq=Q-xndLueF7vU5xwc1w_YGyM1a9DQZA@mail.gmail.com>
 <53CA2D39.6000204@sasktel.net>
 <CALfReyfkZY1ZDNohP6npRVQfjBK2M6j59R8idUGazr1yJDX3Jg@mail.gmail.com>
 <20140720123916.GV96250@e-new.0x20.net>
 <CAJcQMWe9=3PvOhfT8N-78N04A0u3OvkjOd-HPCiBUcJFZZb0-g@mail.gmail.com>

On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels <lars.engels@0x20.net> wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is a bad thing. It confuses people,
> >> which puts them off. It's a classic case of divide and conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supported
> >> linux thing as well, so the world could be rid of iptables. However I guess
> >> that's just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
>
> Gleb believes that the majority of FreeBSD users don't want the
> updated syntax, among other changes, from the more recent pf versions.
> Developers who share his opinion are not going to volunteer to do the
> work. This discussion is about showing this belief to be wrong, which
> is the first step in the process.
>
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latter has to be done
> upstream, otherwise it'll always be a story of diverging codebases.
> Furthermore, if FreeBSD developers were willing to spend some time
> improving pf performance on OpenBSD, then Henning and other OpenBSD
> developers might be more receptive to changes that make the porting
> process easier.

SMP is not the only change we did; if you forget about it you will also get
into other complications to sync from OpenBSD.

Bapt