From: "Mike."
Date: Sun, 20 Jul 2014 09:39:02 -0400
To: freebsd-current@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?

On 7/19/2014 at 9:36 PM Darren Pilgrim wrote:

|On 7/18/2014 6:51 AM, Franco Fichtner wrote:
| [snip]
|
|
|All because over half a decade ago some folks got all butthurt over a
|config file format change.
=============

I'm juggling two formats for specifying NIC configurations in rc.conf, one on an 8.4 server and another on some 10.0 servers. I've also been through pf.conf syntax changes in the past, and I expect to be subject to pf.conf syntax changes in the future.

Did I have to do some extra work to accommodate those changes? Yes. Was it worth the effort? Absolutely.

Not only am I handling the handling of two NIC configuration syntaxes OK, I look forward to when I can bring the 8.4 server up to 10.x for, among other things, imo the better syntax of the networking configuration in 10.x.

imho, the root problem here is that an effort to implement a single feature improvement (multi-threading) has caused the FreeBSD version of pf to apparently reach a near-unmaintainable position in the FreeBSD community because improvements from OpenBSD can no longer be ported over easily.

FreeBSD's pf has been put in a virtual isolation chamber due to the multi-threaded enhancement. Was it worth it?