Plans for 6-CURRENT and 5-STABLE

Max Laier max at love2party.net
Mon Oct 18 04:53:51 PDT 2004


On Monday 18 October 2004 06:31, stheg olloydson wrote:
> it was said by Max Laier on 17.10.04:
> >There are some FreeBSD specific things that need improvement and clean
> >up. This is the first task that I will work on in 6-CURRENT starting
> >from now.
> >
> >Most prominently this includes the interface handling. There are some
> >open problems to be addressed, such as the inability to recognize
> >renamed interfaces as well as problems around 6to4.
>
> Does this include improvements in bridging? I saw your comments in a
> reply to this list 15.10.04. on this issue that vast improvements to
> FBSD's bridging support are needed to enable use of all of pf's
> features. While I am not using bridging now, I will need to set it up
> in six months or so.

No. Bridging is a completely different story. I'd welcome an import of 
if_bridge from Net/OpenBSD, but I will not have time to pursue this. There 
was an effort to do so, but - unfortunately - I lost track of it. People 
interested should find it in the -current or -net archives.

> >Another big thing on the plate now, is a shared/exclusive lock semantic for 
> >the ruleset evaluation. This will not only speed things up by quite a bit, 
> >but will also resolve the requirement to run with mpsafenet=0 if one wants 
> >to use user/group based filter rules.   
>
> How badly does this impact now? This is a feature I have been looking
> forward to using.

Largely depends on your workload, hardware and so forth. If you have - for 
example - a fairly heavily loaded MySQL on a 4-way Xeon box, you'd want to run 
with mpsafenet=1 (and hence avoid using user/group rules). On a UP box it 
should not matter.

> >All these projects will be merged into 5-STABLE once they have proven in 
> >HEAD. 
>
> Will they be merged to 5-RELEASE, as well? I prefer not to track
> STABLE.

There is no such thing as 5-RELEASE. RELENG_5_3 (which you might be confusing 
here) is solely for merging security fixes. All other changes go to RELENG_5 
(aka 5-STABLE) and become part of the *next* release.

> > Thanks for reading so far, please let me know your thoughts, concerns and 
> > questions.
>
> You're welcome. And thank you for your efforts in bringing pf over from
> OpenBSD! One final question: Considering the inevitable loss of sync
> with the OBSD version, is separate FreeBSD-centric documentation
> planned? I ask because currently all docs are done by OBSD people, as
> far as I can tell. (I'd be willing to try my hand at this if someone
> doesn't mind my asking a lot of questions.)

The firewall chapter of the Handbook is being revised to give some information 
about PF as well. This will link to the OpenBSD PF-FAQ - an extraordinary 
piece of documentation - for now. Depending on "how bad" we diverge from 
OpenBSD we will either maintain our own version of the FAQ or (more likely) 
describe the "delta" between Open- and FreeBSD's PF in the handbook's 
firewall chapter and continue to reference the FAQ. At the moment the 
difference between OpenBSD 3.5 PF and FreeBSD 5.3 PF is negligible.

But of course, you are more than welcome to read the existing documentation, 
to identify problems and differences and eventually provide solutions. Asking 
questions is not a problem either.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News