Future of pf / firewall in FreeBSD ? - does it have one ?

Miroslav Lachman 000.fbsd at quip.cz
Fri Jul 18 13:02:23 UTC 2014

Gleb Smirnoff wrote, On 07/18/2014 13:06:


> The pf mailing list is about a dozen of active people. Yes, they are vocal
> on the new syntax. But there also exist a large number of common FreeBSD
> users who simply use pf w/o caring about syntax and reading pf mailing
> list. If we destroy the syntax compatibility a very large population of
> users would be hurt, for the sake of making a dozen happy.

I don't agree on this part. Almost every bigger project / application 
needs to make some uncompatible changes over time. Apache, MySQL, PHP, 
GNOME, KDE... or FreeBSD itself with recent changes from pkg_* to 
pkg(ng). Backward compatibility cannot be maintained infinitely if new 
features should be added. I don't see the reason why PF should be exception.
And I am writing this as one who really don't need any new PF features, 
but I am fine with syntax change in newer FreeBSD major version.
There were bigger problem with pf.conf in the past - freebsd-update 
deleted it and machine was unprotected after reboot. So properly 
announced syntax change and tutorial to conversions is not problem for 
me and I hope for some others too.

Miroslav Lachman

More information about the freebsd-questions mailing list