PF-NAT

Daniel Hartmeier daniel at benzedrine.cx
Thu Nov 30 22:35:00 PST 2006


On Fri, Dec 01, 2006 at 12:25:13AM +0100, Sten Daniel Sørsdal wrote:

> Just about any cheap home firewall can do it these days, I
> wonder why the open source community is reluctant to take advantage.

The "if a $50 commercial box can do it, why can't pf?" argument pops up
every now and then. Maybe the answer is not obvious and deserves an
explanation.

The vendor of the $50 commercial box is working on economical
principles. There is a certain cost of implementing the feature, they
have to dispatch one of their developers for a certain amount of hours
to implement it. Since they are selling a large number of boxes, the
cost increases the price of each individual box only slightly. Whether
the particular developer is interested in implementing the feature is
not relevant. He/she gets paid to do it.

In exchange, the vendor gains some advantage over the competition in the
market. Or, put the other way, if they didn't implement the feature,
they'd be at a disadvantage against the competition. So the cost of
implementation is compensated by increased sales and profit. The vendor
will do this calculation. You can be sure that if the expected increase
in profit isn't higher than the cost, the vendor will not implement the
feature, no matter how much the consumers demand it.

That's how a commercial vendor works. That has nothing to do with how
"the open source community" works. Open source is not a producer/consumer
model, where the open source developers are the producers and the users
the consumers, and the producers fight over market share to increase
financial profit.

The community works like this: if a feature is highly desired by a
significant portion of the population, eventually one of those people
will have the skills and time to implement it. He/she will then share
the result with everyone else. Conversely, if a feature isn't ever
implemented like that, you can conclude that it wasn't desired highly
enough by a significant enough portion of the population.

If you don't agree, prove me wrong, by implementing the feature ;)

Daniel


More information about the freebsd-pf mailing list