Upgrading FreeBSD to use the NEW pf syntax.

Sami Halabi sodynet1 at gmail.com
Tue Nov 20 08:07:35 UTC 2012 

Hi,
This was actually discussed much before, as I read it would make some
issues with the new pf-smp work done by gleb.

Sami


On Tue, Nov 20, 2012 at 9:55 AM, Ermal Luçi <eri at freebsd.org> wrote:

> On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington <odhiambo at gmail.com
> >wrote:
>
> > On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <
> > paul.g.webster at googlemail.com
> > > wrote:
> >
> > > Good day all,
> > >
> > > I am aware this is a much discussed subject since the upgrade of PF, I
> > > believe the final decision was that to many users are used to the old
> > > style pf and an upgrade to the new syntax would cause to much
> confusion.
> > >
> > > There was a recent debate on ##freebsd about this issue and I was
> > inclined
> > > to mail in and get your opinions; basically it boiled down to the
> > majority
> > > of users wanting either:
> > >
> > > 1) To move to the newer pf and just add to releases notes what had
> > > happened,
> > > and
> > > 2) my own personal opinion: creating 'pf2-*' as a kernel option tree,
> > > basically using the newer pf syntax and allowing users to choose.
> > >
> > > I would be interested to know the feedback from you guys as to be
> honest
> > > there seems to be quite a few users who actually DO want the new style
> > > format and functionality that comes with.
> > >
> > > I Attached the log of the conversation just for reference.
> > >
> > >
> > It's been difficult enough to maintain PF on FreeBSD because of the time
> > needed to be invested in the FreeBSD port.
> > This situation remains to date, from what I understand. I guess someone
> can
> > look at how many bugs/feature requests still remain open for PF on
> FreeBSD.
> >
> > I therefore feel that whoever wants to run PF should use a dedicated
> > OpenBSD box as a firewall/whatever they use PF for.
> > There is really no point trying to make FreeBSD be OpenBSD when it comes
> to
> > such requirements. Look at the advantages of "separation of power" - give
> > to OpenBSD the fireallpower  and FreeBSD the serverpower.
> >
> > In keeping with the K.I.S.S principle, please let anyone needing new PF
> > syntax just use OpenBSD.
> >
> > My humble opinion.
> > --
> > Best regards,
> > Odhiambo WASHINGTON,
> > Nairobi,KE
> > +254733744121/+254722743223
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > I can't hear you -- I'm using the scrambler.
> > _______________________________________________
> > freebsd-pf at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >
>
> The truth is that you can add a shim layer between the old syntax to new
> syntax and maintain the new 'locking' present in 10.x branch.
>
> Maybe it would be worth to send a project proposal to the FreeBSD
> Foundation about this,
> but i do not know how keen they are to support through funding this.
>
> When the locking was changed there were a discussion about keeping both of
> the versions but it was just thrown to the trash by the guy doing
> the new 'locking'.
>
> Probably it has to be asked to the foundation how keen they are to support
> this development to have things upgraded.
>
> --
> Ermal
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>



-- 
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert

More information about the freebsd-pf mailing list