Date: Thu, 27 May 2010 16:02:28 +0200
From: Martin Matuska <mm@FreeBSD.org>
To: Max Laier <max@love2party.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: Base import proposal: relayd
Message-ID: <4BFE7B74.4050709@FreeBSD.org>
In-Reply-To: <201005271534.27006.max@love2party.net>
References: <4BFE5A26.8030301@FreeBSD.org> <201005271534.27006.max@love2party.net>

Well, what relayd actually provides is a level 3 and level 7 reverse proxy (with transparency support) and a load-balancer. We could say that this can be seen as a "frontend to pf", but also as a level 7 reverse proxy like varnish or pound. I have experience with all of these.

The configuration file syntax matches pf.conf(5). People with pf(4) skills can benefit from it; for me it was the daemon I had been searching for for a long time.

Why put it in base? We could provide an out-of-the-box load-balancing solution with service availability checking. This is indeed very useful when FreeBSD is used as a (load-balancing) firewall. In addition, the code is quite small and easy to integrate.

On the other hand, the current port (dating from December 2007) is in a very buggy state and I do not recommend using it, as it might easily confuse your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors on exit or a segfault on reloading a mistyped configuration file.

As an alternative, I would like to maintain the port; I am already trying to get in touch with Jun Kuriyama.

Cheers,
mm

On 27. 5. 2010 15:34, Max Laier wrote:
> Hello Martin,
>
> On Thursday 27 May 2010 13:40:22 Martin Matuska wrote:
>
>> Comments and suggestions are welcome.
>>
> first off, thank you for your interest in pf - more hands are greatly
> appreciated!
>
> On the $subj, I'm not sure what the added benefit of relayd in base is.
> Having it in ports makes it easier to pull in new features/releases. The same
> could be said for (t)ftp-proxy, but it was decided that ftp NAT support is a
> *basic* function of any firewall and therefore should be in the base system.
>
> Can you share your reasons for wanting it in base as opposed to ports?
>
> On the nitpicking side of things - from a quick glance: The build of
> relayd/ctl should probably be conditional on WITHOUT_PF.
>
> Thanks,
> Max
>