Base import proposal: relayd

Martin Matuska mm at FreeBSD.org
Thu May 27 14:02:29 UTC 2010


Well, what relayd actually provides is a level 3 and level 7 reverse proxy
(with transparency support) and a load-balancer.

We could say that this can be seen as a "frontend to pf", but also as a
level 7 reverse proxy like varnish or pound. I have experience with all
of these. The configuration file syntax matches pf.conf(5). People with
pf(4) skills can benefit from it; for me it was the daemon I had been
searching for for a long time.

Why put it in base? We could provide an out-of-the-box load-balancing
solution with service availability checking.
This is indeed very useful when FreeBSD is used as a (load-balancing)
firewall. In addition, the code is quite small and easy to integrate.

On the other hand, the current port (dating from December 2007) is in a very
buggy state and I do not recommend using it, as it might easily confuse
your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
on exit or segfault on reloading a mistyped configuration file.

As an alternative, I would like to maintain the port; I am already trying
to get in touch with Jun Kuriyama.

Cheers,
mm

On 27. 5. 2010 15:34, Max Laier wrote:
> Hello Martin,
>
> On Thursday 27 May 2010 13:40:22 Martin Matuska wrote:
>   
>> Comments and suggestions are welcome.
>>     
> first off, thank you for your interest in pf - more hands are greatly 
> appreciated!
>
> On the $subj, I'm not sure what the added benefit of relayd in base is.  
> Having it in ports makes it easier to pull in new features/releases.  The same 
> could be said for (t)ftp-proxy, but it was decided that ftp NAT support is a 
> *basic* function of any firewall and therefore should be in the base system.
>
> Can you share your reasons for wanting it in base as opposed to ports?
>
> On the nitpicking side of things - from a quick glance:  The build of 
> relayd/ctl should probably be conditional on WITHOUT_PF.
>
> Thanks,
>   Max
>   