Get RID of the multi threading patch in FreeBSD's version of PF

Martin Hanson greencoppermine at yandex.com
Sat Dec 6 02:09:44 UTC 2014


Hi,

I have been looking into PF on FreeBSD and I am surprised about the
situation in which support for multi threading was added before it was
brought up to date with the version from OpenBSD.

Some people outright warn about using it because the version in FreeBSD
is more than five years old and with the multi threading patch it has
become completely impossible to bring it up to date.

Have any important bugs been fixed in PF on OpenBSD since the current
port in FreeBSD that actually make the current PF in FreeBSD
"dangerous" to run with?

I believe that most would agree that it would be a whole lot better to
get an updated port from OpenBSD rather than running with multi
threading support on a completely outdated firewall.

It's like taking my old rust bucket of a car and installing a new fast
engine before actually fixing the old crap. Who cares about driving fast
if the freaking wheels come off?

Rolling it back WITHOUT actually upgrading it would even be *better*
than running it with the multi threading patch!

Then someone who might actually have the time might take the task upon
himself/herself to bring it in sync with OpenBSD.

With the multi threading patch in place nobody will ever want to do
that!

It is damaging for FreeBSD in that we're losing the best firewall out
there!

I am not a coder, but my advice is: Roll PF back for the next release
of FreeBSD and leave it as is! Then someone will upgrade it, sooner or
later. Keep the multi threading patch and PF will eventually be gone
from FreeBSD!

Kind regards

Martin


More information about the freebsd-pf mailing list