From: Baptiste Daroussin
Date: Sun, 20 Jul 2014 16:31:41 +0200
To: Maxim Khitrov
Cc: freebsd-current@freebsd.org, FreeBSD Mailing List
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <20140720143140.GF26778@ivaldir.etoilebsd.net>

On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the BSDs at the user level, is a bad thing. It confuses people,
> >> which puts them off. It's a classic case of divide and conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supported
> >> Linux thing as well, so the world could be rid of iptables. However I guess
> >> that's just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
>
> Gleb believes that the majority of FreeBSD users don't want the
> updated syntax, among other changes, from the more recent pf versions.
> Developers who share his opinion are not going to volunteer to do the
> work. This discussion is about showing this belief to be wrong, which
> is the first step in the process.
>
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latter has to be done
> upstream, otherwise it'll always be a story of diverging codebases.
> Furthermore, if FreeBSD developers were willing to spend some time
> improving pf performance on OpenBSD, then Henning and other OpenBSD
> developers might be more receptive to changes that make the porting
> process easier.

SMP is not the only change we did; if you forget about it you will also get
into other complications to sync from OpenBSD.

Bapt