From: Maxim Khitrov
Date: Fri, 21 Dec 2012 13:35:39 -0500
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax.
To: Gleb Smirnoff
Cc: freebsd-current@freebsd.org, freebsd-pf@freebsd.org
List-Id: Discussions about the use of FreeBSD-current

On Mon, Nov 26, 2012 at 10:00 AM, Gleb Smirnoff wrote:
> Paul,
>
> On Sat, Nov 24, 2012 at 02:11:32PM -0000, Paul Webster wrote:
> P> I only really need one question answered in honesty;
> P>
> P> I personally think that by forking our own version of PF we have
> P> essentially made something totally different to what everyone wants to
> P> use. Which is fine, but because of that development of new features has
> P> dropped behind.
> P>
> P> If we had kept up with OpenBSD's version even if we trailed it by one
> P> MAJOR release; at least part of the development would have been done.
> P>
> P> So now we end up in a situation where we have these firewalls,
> P> IPFW2,ipf,pf(modded) and users wanting the newer features of OpenBSD's pf.
> P> So timewise the fork of pf may have actually cost more in time rather than
> P> less.
> P>
> P> I don't however think the 'solution' to the problem is just to say no to
> P> the userbase by not even trying to port across the newer pf. I think we
> P> should look at bringing it across, slowly and seeing what the uptake is
> P> like; in a few MAJOR releases we can start to look at which of the
> P> firewalls realistically are not used that much and should be deprecated.
>
> If you see a large userbase that is eager to see new pf, then you can port
> it to FreeBSD, maintain it, catch up with new versions from OpenBSD,
> and so on. No one forbids you doing that.

Putting aside the issue of new syntax...
What is the actual state of pf in the upcoming FreeBSD 9.1-RELEASE? Have
there been any changes from 9.0? The most recent list of PRs doesn't look
very encouraging.

I'm setting up a new office firewall right now. I tried installing OpenBSD
5.2, but it doesn't recognize the Intel X25-E drive in AHCI mode or the
Intel X540 10GbE adapter, which should be supported. Maybe I can fix these
problems, but I'd much rather see an improvement in the state of FreeBSD
firewalls. No one needs three choices, we need one that works and is
actively maintained.

- Max