Future of pf / firewall in FreeBSD ? - does it have one ?

Mike. the.lists at mgm51.com
Sun Jul 20 13:39:32 UTC 2014

On 7/19/2014 at 9:36 PM Darren Pilgrim wrote:

|On 7/18/2014 6:51 AM, Franco Fichtner wrote:
| [snip]
|All because over half a decade ago some folks got all butthurt over
|a config file format change.

I'm juggling two formats for specifying NIC configurations in
rc.conf, one on an 8.4 server and another on some 10.0 servers.  I've
also been through pf.conf syntax changes in the past, and I expect to
be subject to pf.conf syntax changes in the future.  Did I have to do
some extra work to accommodate those changes?  Yes.  Was it worth the
effort?  Absolutely.

Not only am I handling the two NIC configuration syntaxes
OK, I look forward to when I can bring the 8.4 server up to 10.x for,
among other things, imo the better syntax of the networking
configuration in 10.x.

imho, the root problem here is that an effort to implement a single
feature improvement (multi-threading) has caused the FreeBSD version
of pf to apparently reach a near-unmaintainable position in the
FreeBSD community because improvements from OpenBSD can no longer be
ported over easily.  FreeBSD's pf has been put in a virtual
isolation chamber due to the multi-threaded enhancement.

Was it worth it?

More information about the freebsd-questions mailing list