Date: Sun, 20 Jul 2014 09:39:02 -0400 From: "Mike." <the.lists@mgm51.com> To: freebsd-current@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ? Message-ID: <201407200939020335.0017641F@smtp.24cl.home> In-Reply-To: <53CB4736.90809@bluerosetech.com> References: <53C706C9.6090506@com.jkkn.dk> <6326AB9D-C19A-434B-9681-380486C037E2@lastsummer.de> <53CB4736.90809@bluerosetech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 7/19/2014 at 9:36 PM Darren Pilgrim wrote: |On 7/18/2014 6:51 AM, Franco Fichtner wrote: | [snip] | | |All because over half a decade ago some folks got all butthurt over a |config file format change. ============= I'm juggling two formats for specifying NIC configurations in rc.conf, one on a 8.4 server and another on some 10.0 servers. I've also been through pf.conf syntax changes in the past, and I expect to be subject to pf.con syntax changes in the future. Did I have to do some extra work to accomodate those changes? Yes. Was it worth the effort? Absolutely. Not only am I handling the handling of two NIC configuration syntaxes OK, I look forward to when I can bring the 8.4 server up to 10.x for, among other things, imo the better syntax of the networking configuration in 10.x. imho, the root problem here is that an effort to implement a single feature improvement (multi-threading) has caused the FreeBSD version of pf to apparently reach a near-unmaintainable position in the FreeBSD community because improvements from OpenBSD can no longer be ported over easily. FreeBSD's pf has been put in a virtual isolation chamber due to the multi-threaded enhancement. Was it worth it?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407200939020335.0017641F>