From: Gleb Smirnoff
Date: Mon, 26 Nov 2012 19:00:28 +0400
To: Paul Webster
Cc: freebsd-current@FreeBSD.org
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax.
Message-ID: <20121126150028.GK84121@FreeBSD.org>
References: <201211201543.17903.Mark.Martinec+freebsd@ijs.si> <20121121075642.GR67660@FreeBSD.org> <20121121145240.GE67660@glebius.int.ru>

  Paul,

On Sat, Nov 24, 2012 at 02:11:32PM -0000, Paul Webster wrote:
P> I only really need one question answered in honesty;
P>
P> I personally think that by forking our own version of PF we have
P> essentially made something totally different to what everyone wants to
P> use. Which is fine, but because of that development of new features has
P> dropped behind.
P>
P> If we had kept up with OpenBSD's version even if we trailed it by one
P> MAJOR release; at least part of the development would have been done.
P>
P> So now we end up in a situation where we have these firewalls,
P> IPFW2, ipf, pf (modded) and users wanting the newer features of OpenBSD's pf.
P> So timewise the fork of pf may have actually cost more in time rather than
P> less.
P>
P> I don't however think the 'solution' to the problem is just to say no to
P> the userbase by not even trying to port across the newer pf. I think we
P> should look at bringing it across, slowly and seeing what the uptake is
P> like; in a few MAJOR releases we can start to look at which of the
P> firewalls realistically are not used that much and should be deprecated.

If you see a large userbase that is eager to see new pf, then you can
port it to FreeBSD, maintain it, catch up with new versions from
OpenBSD, and so on. No one forbids you from doing that.

-- 
Totus tuus, Glebius.