Base import proposal: relayd

Max Laier max at love2party.net
Thu May 27 14:57:08 UTC 2010


On Thursday 27 May 2010 16:02:28 Martin Matuska wrote:
> Well, what relayd actually provides is level 3 and level 7 reverse proxy
> (with transparency support) and a load-balancer.
> 
> We could say that this can be seen as a "frontend to pf", but also as a
> level 7 reverse proxy like varnish or pound. I have experience with all
> of these. The configuration file syntax matches pf.conf(5). People with
> pf(4) skills can take a benefit of it, for me it was the daemon I was
> searching for a long time.
> 
> Why putting it in base? We could provide an out-of-the box load-blancing
> solution with service availability checking.
> This is indeed very useful when FreeBSD is used as a (load-balancing)
> firewall. In addition, the code is quite small and easy to integrate.
> 
> On the other hand, the current port (dating december 2007) is in a very
> buggy state and I do not recommend using it, as it might easily confuse
> your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
> on exit or segfault on reloading a mistyped configuration file.
> 
> As an alternative I would like to maintain the port, I am already trying
> to get in touch with Jun Kuriyama.

I don't mean to stop you ... it's just my opinion that a port is easier kept 
up-to-date and the more convenient choice for most users.  I wasn't aware that 
the current port has issues, I don't use relayd.

In any case, please go ahead with whichever solution you find the most 
convenient and let me know if you need any help.  If you decide to go for the 
base import, you might want to bring it up on net@ - as I'm sure the people on 
there will have an opinion and it's always a good idea to have the discussion 
before the commit.

Thanks,
  Max


More information about the freebsd-pf mailing list