Upgrading FreeBSD to use the NEW pf syntax.

Ermal Luçi eri at freebsd.org
Tue Nov 20 07:55:40 UTC 2012


On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington <odhiambo at gmail.com> wrote:

> On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <paul.g.webster at googlemail.com> wrote:
>
> > Good day all,
> >
> > I am aware this is a much discussed subject since the upgrade of PF, I
> > believe the final decision was that too many users are used to the old
> > style pf and an upgrade to the new syntax would cause too much confusion.
> >
> > There was a recent debate on ##freebsd about this issue and I was inclined
> > to mail in and get your opinions; basically it boiled down to the majority
> > of users wanting either:
> >
> > 1) To move to the newer pf and just add to release notes what had
> > happened, and
> > 2) my own personal opinion: creating 'pf2-*' as a kernel option tree,
> > basically using the newer pf syntax and allowing users to choose.
> >
> > I would be interested to know the feedback from you guys as to be honest
> > there seem to be quite a few users who actually DO want the new style
> > format and functionality that comes with.
> >
> > I attached the log of the conversation just for reference.
> >
> >
> It's been difficult enough to maintain PF on FreeBSD because of the time
> needed to be invested in the FreeBSD port.
> This situation remains to date, from what I understand. I guess someone can
> look at how many bugs/feature requests still remain open for PF on FreeBSD.
>
> I therefore feel that whoever wants to run PF should use a dedicated
> OpenBSD box as a firewall/whatever they use PF for.
> There is really no point trying to make FreeBSD be OpenBSD when it comes to
> such requirements. Look at the advantages of "separation of power" - give
> to OpenBSD the firewallpower and FreeBSD the serverpower.
>
> In keeping with the K.I.S.S principle, please let anyone needing new PF
> syntax just use OpenBSD.
>
> My humble opinion.
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254733744121/+254722743223
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> I can't hear you -- I'm using the scrambler.

The truth is that you can add a shim layer between the old syntax and the new
syntax and maintain the new 'locking' present in the 10.x branch.

Maybe it would be worth sending a project proposal to the FreeBSD
Foundation about this,
but I do not know how keen they are to support this through funding.

When the locking was changed there was a discussion about keeping both of
the versions but it was just thrown to the trash by the guy doing
the new 'locking'.

Probably the foundation has to be asked how keen they are to support
this development to have things upgraded.

-- 
Ermal

