Date: Thu, 27 Jun 2013 14:13:08 +0200
From: Thomas Steen Rasmussen <thomas@gibfest.dk>
To: freebsd-pf@freebsd.org
Subject: Re: PF bugs
Message-ID: <51CC2C54.5020402@gibfest.dk>
In-Reply-To: <20130625153719.GN1214@FreeBSD.org>
References: <1371871842.22524.62.camel@localhost> <87ehbuti5u.fsf@deeperthought.bsdly.net> <20130625153719.GN1214@FreeBSD.org>
On 25-06-2013 17:37, Gleb Smirnoff wrote:
> Peter,
>
> On Sat, Jun 22, 2013 at 02:59:57PM +0200, Peter N. M. Hansteen wrote:
> P> > Ok. I wish PF on FreeBSD and OpenBSD were in sync.
> P>
> P> With the differences in release schedules (OpenBSD releases N.m+1
> P> every six months, while the FreeBSD cycles typically take longer) a
> P> total sync is unlikely, but it would save some of us a bit of
> P> maintenance work if FreeBSD finally made the jump to post-OpenBSD 4.7
> P> syntax and various 4.5 and onwards goodies like match, pflow and a few
> P> other.
>
> The number of people who run both OpenBSD and FreeBSD is significantly
> less than the number of people who just run FreeBSD and routinely upgrade
> it from version to version. I understand that having different syntax
> is a PITA for those who run both BSDs, sorry for that.

This is a PITA for _everyone_ who has ever tried googling some syntax or found a tutorial for pf online. Or read Peter Hansteen's excellent books. Or spoken to someone at a conference only to find out that his suggestion doesn't apply.

To think that the FreeBSD handbook alone can serve as documentation for the FreeBSD version of pf is just silly. A well-functioning community around something like pf produces lots and lots of documentation, best practices, examples of complicated setups, blogposts, etc. etc.

I see only two solutions to this: the preferred solution is to change FreeBSD pf to match OpenBSD pf ruleset syntax and features. This would mean that we would keep the OpenBSD and FreeBSD pf communities "in sync" and people could still use the same information regardless of OS.

The other solution is to rename pf in FreeBSD to something else, like fpf or whatever, to make it clear to everyone that they are not the same. This would mean that we (FreeBSD) would have to grow a new community around fpf. But it would make it possible to google examples and stuff again, without hitting irrelevant OpenBSD stuff.

Let me repeat to make it perfectly clear: The current situation with two very different firewalls with the same name only serves to confuse and frustrate users. If aligning syntax and functionality is too much work, or impossible for other reasons, a rename of "our" pf is the only right thing to do.

> But changing
> syntax in FreeBSD would be PITA for a vast majority of people. That's
> why many FreeBSD developers are against changing syntax.

I've seen this argument over and over again. We can't just stop progress because it would be inconvenient for people. At some point (and IMO that point is way in the past) we have to conclude that the advantages outweigh the disadvantages, and just do it.

Best regards,

Thomas Steen Rasmussen