Upgrading FreeBSD to use the NEW pf syntax.

Ermal Luçi eri at freebsd.org
Tue Nov 20 14:48:05 UTC 2012


On Tue, Nov 20, 2012 at 9:07 AM, Sami Halabi <sodynet1 at gmail.com> wrote:

> Hi,
> This was actually discussed much before, as I read it would make some
> issues with the new pf-smp work done by gleb.
>
>
Not really since Gleb just changed the locking and nothing else.
All his work is under the hood.

He actually broke if-bound state but that's another story.


> Sami
>
>
> On Tue, Nov 20, 2012 at 9:55 AM, Ermal Luçi <eri at freebsd.org> wrote:
>
>> On Tue, Nov 20, 2012 at 7:46 AM, Odhiambo Washington <odhiambo at gmail.com
>> >wrote:
>>
>> > On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <
>> > paul.g.webster at googlemail.com
>> > > wrote:
>> >
>> > > Good day all,
>> > >
>> > > I am aware this is a much discussed subject since the upgrade of PF, I
>> > > believe the final decision was that too many users are used to the old
>> > > style pf and an upgrade to the new syntax would cause too much
>> > > confusion.
>> > >
>> > > There was a recent debate on ##freebsd about this issue and I was
>> > inclined
>> > > to mail in and get your opinions; basically it boiled down to the
>> > majority
>> > > of users wanting either:
>> > >
>> > > 1) To move to the newer pf and just add to release notes what had
>> > > happened,
>> > > and
>> > > 2) my own personal opinion: creating 'pf2-*' as a kernel option tree,
>> > > basically using the newer pf syntax and allowing users to choose.
>> > >
>> > > I would be interested to know the feedback from you guys as to be
>> honest
>> > > there seems to be quite a few users who actually DO want the new style
>> > > format and functionality that comes with.
>> > >
>> > > I attached the log of the conversation just for reference.
>> > >
>> > >
>> > It's been difficult enough to maintain PF on FreeBSD because of the time
>> > needed to be invested in the FreeBSD port.
>> > This situation remains to date, from what I understand. I guess someone
>> can
>> > look at how many bugs/feature requests still remain open for PF on
>> FreeBSD.
>> >
>> > I therefore feel that whoever wants to run PF should use a dedicated
>> > OpenBSD box as a firewall/whatever they use PF for.
>> > There is really no point trying to make FreeBSD be OpenBSD when it
>> comes to
>> > such requirements. Look at the advantages of "separation of power" -
>> give
>> > to OpenBSD the firewallpower and FreeBSD the serverpower.
>> >
>> > In keeping with the K.I.S.S principle, please let anyone needing new PF
>> > syntax just use OpenBSD.
>> >
>> > My humble opinion.
>> > --
>> > Best regards,
>> > Odhiambo WASHINGTON,
>> > Nairobi,KE
>> > +254733744121/+254722743223
>> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>> > I can't hear you -- I'm using the scrambler.
>> > _______________________________________________
>> > freebsd-pf at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>> >
>>
>> The truth is that you can add a shim layer between the old syntax to new
>> syntax and maintain the new 'locking' present in 10.x branch.
>>
>> Maybe it would be worth to send a project proposal to the FreeBSD
>> Foundation about this,
>> but I do not know how keen they are to support through funding this.
>>
>> When the locking was changed there was a discussion about keeping both of
>> the versions but it was just thrown to the trash by the guy doing
>> the new 'locking'.
>>
>> Probably it has to be asked to the foundation how keen they are to support
>> this development to have things upgraded.
>>
>> --
>> Ermal
>>
>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
>
>


-- 
Ermal

