From owner-freebsd-current@FreeBSD.ORG Wed Jul 23 20:08:12 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 33AC392F; Wed, 23 Jul 2014 20:08:12 +0000 (UTC) Received: from smtp-out-02.shaw.ca (smtp-out-02.shaw.ca [64.59.136.138]) by mx1.freebsd.org (Postfix) with ESMTP id DEF7A24D4; Wed, 23 Jul 2014 20:08:11 +0000 (UTC) X-Cloudmark-SP-Filtered: true X-Cloudmark-SP-Result: v=1.1 cv=W0/jygPWOP4vNGB1giqMd6hViTlTWopR5z2gXdBWnF4= c=1 sm=1 a=cQ5pcHtl6RgA:10 a=QrugwKR0C_UA:10 a=wAGQQ9Az6v0A:10 a=BLceEmwcHowA:10 a=ICAaq7hcmGcA:10 a=kj9zAlcOel0A:10 a=IbtKDeXwb2+SRU442/pi3A==:17 a=RJp7PVBWAAAA:8 a=BWvPGDcYAAAA:8 a=6I5d2MoRAAAA:8 a=r83zQBVX6GhAEvYNhSoA:9 a=CjuIK1q_8ugA:10 a=V7tsTZBp22UA:10 a=SV7veod9ZcQA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Received: from unknown (HELO spqr.komquats.com) ([96.50.7.119]) by smtp-out-02.shaw.ca with ESMTP; 23 Jul 2014 14:08:10 -0600 Received: from slippy.cwsent.com (slippy8 [10.2.2.6]) by spqr.komquats.com (Postfix) with ESMTP id 925929BE8; Wed, 23 Jul 2014 13:08:10 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.14.9/8.14.9) with ESMTP id s6NK897a091257; Wed, 23 Jul 2014 13:08:09 -0700 (PDT) (envelope-from Cy.Schubert@komquats.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.14.9/8.14.8/Submit) with ESMTP id s6NK87MX091253; Wed, 23 Jul 2014 13:08:07 -0700 (PDT) (envelope-from Cy.Schubert@komquats.com) Message-Id: <201407232008.s6NK87MX091253@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.6 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.komquats.com/ To: Daniel Feenberg Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? In-Reply-To: Message from Daniel Feenberg of "Sun, 20 Jul 2014 14:35:26 -0400." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 23 Jul 2014 13:08:05 -0700 Cc: krad , Lars Engels , freebsd-current@freebsd.org, Stephen Hurd , Gleb Smirnoff , =?ISO-8859-15?Q?Gerrit_K=FChn?= , FreeBSD Mailing List , Matt Bettinger X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jul 2014 20:08:12 -0000 In message , Daniel Feenberg writes: > > > On Sun, 20 Jul 2014, Lars Engels wrote: > > > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote: > >> all of that is true, but you are missing the point. Having two versions of > >> pf on the bsd's at the user level, is a bad thing. It confuses people, > >> which puts them off. Its a classic case of divide an conquer for other > >> platforms. I really like the idea of the openpf version, that has been > >> mentioned in this thread. It would be awesome if it ended up as a supporte > d > >> linux thing as well, so the world could be rid of iptables. However i gues > s > >> thats just an unrealistic dream > > > > And you don't seem to get the point that _someone_ has to do the work. > > No one has stepped up so far, so nothing is going to change. > > > > No one with authority has yet said that "If an updated pf were available, > would be welcomed". Rather they have said "An updated pf would not be > suitable, as it would be incompatible with existing configuration files". > If the latter is indeed the case, there is little incentive for anyone > to go to the effort of porting the newer pf. After all, the reward for > the work is chiefly in glory, and if there is to be no glory, the work > is unlikely to be done. I disagree. One does not do this for the glory. One does this because the nail hurts enough to do something about it. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.