Message-ID: <201407201230590265.00B479C4@smtp.24cl.home>
Date: Sun, 20 Jul 2014 12:30:59 -0400
From: "Mike."
To: freebsd-current@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?

On 7/20/2014 at 5:38 PM Franco Fichtner wrote:

|On 20 Jul 2014, at 15:39, Mike. wrote:
|
|> imho, the root problem here is that an effort to implement a single
|> feature improvement (multi-threading) has caused the FreeBSD version
|> of pf to apparently reach a near-unmaintainable position in the
|> FreeBSD community because improvements from OpenBSD can no longer be
|> ported over easily. FreeBSD's pf has been put in a virtual
|> isolation chamber due to the multi-threaded enhancement.
|>
|> Was it worth it?
|
|Yes. This happened *three times* in BSD land now. How much more
|proof does it take to make that clear?
|[snip]

=============

In this instance, more proof would consist of pf development not
wallowing in inactivity.

imo, tactical changes were implemented in pf without the strategic
negative consequences affecting the decision process guiding the
implementation of those tactical features. And that's backwards.
Strategies direct tactics, not vice versa.