[pf4freebsd] Re: Maturity of this port?

Ryan Verner xfesty at computeraddictions.com.au
Wed Sep 15 21:04:13 PDT 2004


Thanks for the quick response!

Max Laier wrote:

> On Tuesday 25 May 2004 07:34, Ryan Verner wrote:
> Okay, I'll try to address these fairly general questions:
> 1) As you might have seen (I should really update the homepage) the port is 
> now part of the FreeBSD source tree.

Do update the webpage; I found the commit in FreeBSD's cvs tree
immediately after I posted this by searching in Google.  ALTQ doesn't
look like it's there, though, and that's really what I'm after :-(

> 2) FreeBSD 5.x is -CURRENT and as such not recommended for production use 
> per-se. However, if you find FreeBSD-5.x reasonably stable in your 
> environment pf will not be the show-stopper. I use 5.x on all my boxes and am 
> satisfied, even tracking -CURRENT (with a delay of a week or so) is good for 
> most applications I think.

I've been running early 5.X-CURRENT builds since 2002; I've found it
reasonably stable on standard hardware, but it flakes out with anything
like ACPI or SMP.  For this particular task
(shaping/firewalling/routing), I'm happy running it.

> 3) FreeBSD-Current has the same feature-set as OpenBSD 3.4. Everything should 
> work as known from OpenBSD. ALTQ is not part of FreeBSD (yet). One major 
> problem with 3.4 however, is the lack of dynamic interface support. This 
> might cause problems with certain mpd setups (when tun0 is destroyed it might 
> trigger a panic when pf still has a reference to this interface).

D'oh; I really do need ALTQ.

> 4) An (experimental) import of OpenBSD 3.5 and ALTQ is available from: 
> http://people.freebsd.org/~mlaier/ I run it on two routers, my laptop and my 
> desktop/development machine without problems, but am still waiting for more 
> feedback from other list-users. I can only encourage you to give it a spin, I 
> am very confident that this will match your needs.

I can certainly test it on my own connections, but I'm looking to
replace production-use OpenBSD shapers, and any downtime is a big no-no
(in short, wireless ISP, many customers).  I think I'll look further
into this project for my intended task once ALTQ matures and reaches the
base system; any idea how long that would be?

> 5) Daniel Hartmeier accepted a FreeBSD commit-bit to maintain the port on 
> FreeBSD in addition to myself. We will try to stay in sync with OpenBSD 
> stable and will very likely import more reliability fixes from OpenBSD 
> current than OpenBSD MFC's to its stable branch (as the policy for MFC'ing is 
> very strict over there).
> Summary:
> If you need ALTQ, we don't have a stable solution yet, but you are invited to 
> test the patches (which are very close to stable already). If you do not need 
> ALTQ you can install FreeBSD-current and have OpenBSD 3.4-STABLE pf.

ALTQ is /the/ reason why I'm running OpenBSD; pf/altq is the only thing
the boxes are doing (I'm running FreeBSD or Debian for other tasks).
Sigh, seems for now I'll have to stick with OpenBSD - userland is so
damn backwards, and the lack of a decent, somewhat automated, and most
importantly supported way to upgrade a system from one release to
another is a very sore point with me.

I'll certainly play with this on my own connection, though.


