Future of pf / firewall in FreeBSD ? - does it have one ?

Baptiste Daroussin bapt at FreeBSD.org
Sun Jul 20 14:31:47 UTC 2014

On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels <lars.engels at 0x20.net> wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is a bad thing. It confuses people,
> >> which puts them off. Its a classic case of divide an conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supported
> >> linux thing as well, so the world could be rid of iptables. However i guess
> >> thats just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
> Gleb believes that the majority of FreeBSD users don't want the
> updated syntax, among other changes, from the more recent pf versions.
> Developers who share his opinion are not going to volunteer to do the
> work. This discussion is about showing this belief to be wrong, which
> is the first step in the process.
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latter has to be done
> upstream, otherwise it'll always be a story of diverging codebases.
> Furthermore, if FreeBSD developers were willing to spend some time
> improving pf performance on OpenBSD, then Henning and other OpenBSD
> developers might be more receptive to changes that make the porting
> process easier.

smp is not the only change we did, if you forget about it you will also get into
other co plication to sync from openbsd

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140720/26e81f46/attachment.sig>

More information about the freebsd-questions mailing list