Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 13 Jan 2011 22:33:52 -0500
From:      Chris Buechler <cmb@pfsense.org>
To:        The Anarcat <anarcat@koumbit.org>, harold barker <hvb@dsms.com>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: long term maintenance of pf in FreeBSD (AKA where's pf 4.7?)
Message-ID:  <AANLkTi=29wZRTzW7ohGb8gbcfOKVvbKcGBt1NyXNvYCf@mail.gmail.com>
In-Reply-To: <20110113055136.GU24439@anarcat.ath.cx>
References:  <20110113055136.GU24439@anarcat.ath.cx>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jan 13, 2011 at 12:51 AM, The Anarcat <anarcat@koumbit.org> wrote:
> Hi!
>
> I have digged into the archive after reading in the handbook that pf is
> stuck at OpenBSD's 4.1 version, which is now quite old (may 2007).
>
> I have found this thread mentionning testing required for a patch:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html
>
> ... it then seemed the patch had some issues:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005860.html
>
> Others have raised a similar issue about backporting 4.7 into FreeBSD:
>
> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005862.html
>
> For context, OpenBSD 4.7 (may 2010) is the last significant release
> including changes in pf:
>

The first post in the above thread says why the next import into
FreeBSD will be 4.5, breaking your ruleset by upgrading your OS is
being avoided for now.


> So my question is: what's the plan? Is anybody actively maintaining pf
> in FreeBSD at this point?
>

It's a lot of work, Max who did the original port hasn't had time to
maintain it, but Ermal Luci is picking up maintainership. The plan
discussed at the FreeBSD dev summit at EuroBSDCon last year is the 4.5
PF will be imported for FreeBSD 9, and from there options will be
considered for the path forward.


> PS: I ask because we're considering switching our routers from OpenBSD
> to FreeBSD to ease maintenance (yay freebsd-update) but the outdated pf
> version is a serious hindrance as we're looking at using the new
> 'sloppy' state tracking mecanisms
>

Note there is a patch to add sloppy state tracking to FreeBSD 8.1,
pfSense uses it, you can find the patches in the tools repo at
rcs.pfsense.org. Of course using a kernel patch rules out using
freebsd-update though.


On Thu, Jan 13, 2011 at 11:44 AM, harold barker <hvb@dsms.com> wrote:
>
> I like and use PF on FreeBSD. =A0I would greatly appreciate someone commi=
tting to more then a wham bam thank you madam port. =A0I am willing to put =
some
> money in the pot.

Ermal will be putting more time in it early this year, he makes a
living working on pfSense, as well as the rest of our staff who make a
living on the project helping with testing and related things. Though
part of that depends on us having funding available to cover salaries
for the time put into projects and at this point we don't have anyone
looking to fund that time. We cut as good of a deal as we can on open
source work, just covering our own costs, and probably losing money on
this one as we're going to make it happen regardless as long as we
don't have to take too big of a hit on it. We're consumed with other
projects at this instant but will be looking at this again soon.

Chris



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=29wZRTzW7ohGb8gbcfOKVvbKcGBt1NyXNvYCf>