From owner-freebsd-stable@FreeBSD.ORG Fri May 23 21:03:19 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2EA86ECC for ; Fri, 23 May 2014 21:03:19 +0000 (UTC) Received: from smtp2.wemm.org (smtp2.wemm.org [IPv6:2001:470:67:39d::78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp2.wemm.org", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 09F4B265D for ; Fri, 23 May 2014 21:03:19 +0000 (UTC) Received: from [172.16.21.76] (50-204-120-225-static.hfc.comcastbusiness.net [50.204.120.225]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (Client did not present a certificate) (Authenticated sender: peter) by smtp2.wemm.org (Postfix) with ESMTPSA id 41CE5201 for ; Fri, 23 May 2014 14:03:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wemm.org; s=m20140428; t=1400878998; bh=bkBDi8d5EAJDsfSHnXc5H79qclK61IMEusEljGHvvEI=; h=Date:From:To:Subject:References:In-Reply-To; b=FBN0FKiHhDAN5tIusHo31vbjXM2lxgVr88JXVRCaYASkOgyQmFMwyf2pdf0b/ifdp 1tqfQ116NcVLIONeRHtY5rj/bPzkPkKyljwfx78NCIA3wUEQ4D+UO94/gSYO/Js6Qn ZeR/OwtyXZhVEKaccXyM6Qyu4x4I0PazxyCtnCRI= Message-ID: <537FB796.80203@wemm.org> Date: Fri, 23 May 2014 14:03:18 -0700 From: Peter Wemm User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 MIME-Version: 1.0 To: freebsd-stable@freebsd.org Subject: Re: What is your favourite/best firewall on FreeBSD and why? References: <20140520070926.GA92183@The.ie> <537CF293.5010508@sentex.net> <537E7F2F.1050903@wemm.org> <537F8302.3090200@sentex.net> In-Reply-To: <537F8302.3090200@sentex.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 May 2014 21:03:19 -0000 On 5/23/14, 10:18 AM, Mike Tancsa wrote: > On 5/22/2014 6:50 PM, Peter Wemm wrote: > >> For what it's worth, we use FreeBSD-11 pf + carp on the FreeBSD.org >> clusters. The main reasons: > > Hi Peter, > Just curious, but what is in 11 that is not in 10 that you decided > to deploy HEAD ? I thought all those features you listed are in > RELENG_10 ? > > ---Mike > > Two reasons. 1) back when 10.x was head, machines were set up to build from svn.f.o/base/head and never quite made the switch to stable/10. I was willing to do the extra work to make sure that 10-current was well shaken out before it became 10-stable and that's why the cluster ran head. 2) for the most part there hasn't been any need to pull them back to -stable. So long as we can handle it on clusteradm I felt that deploying dogfood was a good way to find out if things are going off into the weeds before it gets too far out of control. Having committers aware that their changes are going to run live seems to make folks think a little more carefully about committing destabilizing things. In other words, 11.x is reliable enough that we can, so we are. It's not for features though. -Peter