Future of pf / firewall in FreeBSD ? - does it have one ?
000.fbsd at quip.cz
Fri Jul 18 13:02:23 UTC 2014
Gleb Smirnoff wrote, On 07/18/2014 13:06:
> The pf mailing list is about a dozen of active people. Yes, they are vocal
> on the new syntax. But there also exist a large number of common FreeBSD
> users who simply use pf w/o caring about syntax and reading pf mailing
> list. If we destroy the syntax compatibility a very large population of
> users would be hurt, for the sake of making a dozen happy.
I don't agree on this part. Almost every bigger project / application
needs to make some uncompatible changes over time. Apache, MySQL, PHP,
GNOME, KDE... or FreeBSD itself with recent changes from pkg_* to
pkg(ng). Backward compatibility cannot be maintained infinitely if new
features should be added. I don't see the reason why PF should be exception.
And I am writing this as one who really don't need any new PF features,
but I am fine with syntax change in newer FreeBSD major version.
There were bigger problem with pf.conf in the past - freebsd-update
deleted it and machine was unprotected after reboot. So properly
announced syntax change and tutorial to conversions is not problem for
me and I hope for some others too.
More information about the freebsd-questions