Date: Tue, 20 Nov 2012 15:48:03 +0100
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax.
From: Ermal Luçi
To: Sami Halabi
Cc: Paul Webster, "freebsd-pf@freebsd.org"
List-Id: "Technical discussion and general questions about packet filter (pf)"

On Tue, Nov 20, 2012 at 9:07 AM, Sami Halabi wrote:

> Hi,
> This was actually discussed much before, as I read it would make some
> issues with the new pf-smp work done by gleb.
>

Not really since Gleb just changed the locking and nothing else.
All his work is under the hood.

He actually broke if-bound state but that's another story.

> Sami
>
>
> On Tue, Nov 20, 2012 at 9:55 AM, Ermal Luçi wrote:
>
>> On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington wrote:
>>
>> > On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <paul.g.webster@googlemail.com> wrote:
>> >
>> > > Good day all,
>> > >
>> > > I am aware this is a much discussed subject since the upgrade of PF, I
>> > > believe the final decision was that too many users are used to the old
>> > > style pf and an upgrade to the new syntax would cause too much confusion.
>> > >
>> > > There was a recent debate on ##freebsd about this issue and I was inclined
>> > > to mail in and get your opinions; basically it boiled down to the majority
>> > > of users wanting either:
>> > >
>> > > 1) To move to the newer pf and just add to release notes what had
>> > > happened,
>> > > and
>> > > 2) my own personal opinion: creating 'pf2-*' as a kernel option tree,
>> > > basically using the newer pf syntax and allowing users to choose.
>> > >
>> > > I would be interested to know the feedback from you guys as to be honest
>> > > there seems to be quite a few users who actually DO want the new style
>> > > format and functionality that comes with.
>> > >
>> > > I attached the log of the conversation just for reference.
>> > >
>> > >
>> > It's been difficult enough to maintain PF on FreeBSD because of the time
>> > needed to be invested in the FreeBSD port.
>> > This situation remains to date, from what I understand. I guess someone can
>> > look at how many bugs/feature requests still remain open for PF on FreeBSD.
>> >
>> > I therefore feel that whoever wants to run PF should use a dedicated
>> > OpenBSD box as a firewall/whatever they use PF for.
>> > There is really no point trying to make FreeBSD be OpenBSD when it comes to
>> > such requirements. Look at the advantages of "separation of power" - give
>> > to OpenBSD the firewallpower and FreeBSD the serverpower.
>> >
>> > In keeping with the K.I.S.S principle, please let anyone needing new PF
>> > syntax just use OpenBSD.
>> >
>> > My humble opinion.
>> > --
>> > Best regards,
>> > Odhiambo WASHINGTON,
>> > Nairobi,KE
>> > +254733744121/+254722743223
>> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> > I can't hear you -- I'm using the scrambler.
>> > _______________________________________________
>> > freebsd-pf@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>> >
>>
>> The truth is that you can add a shim layer between the old syntax to new
>> syntax and maintain the new 'locking' present in 10.x branch.
>>
>> Maybe it would be worth to send a project proposal to the FreeBSD
>> Foundation about this,
>> but I do not know how keen they are to support through funding this.
>>
>> When the locking was changed there was a discussion about keeping both of
>> the versions but it was just thrown to the trash by the guy doing
>> the new 'locking'.
>>
>> Probably it has to be asked to the foundation how keen they are to support
>> this development to have things upgraded.
>>
>> --
>> Ermal
>>
>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>

--
Ermal