Future of pf / firewall in FreeBSD ? - does it have one ?

Adrian Chadd adrian at freebsd.org
Sun Jul 20 22:30:29 UTC 2014

Noone needs to say "you can do X." You can just fork freebsd in
whatever form you want, update to the latest github and work to
eventually get it included. Or you could treat it as an entirely
external-from-system plugin module that you compile up - the packet
filter hooks API lets you do this relatively nicely nowdays.

There's multiple ways to do this. No-one needs to ask permission.
Someone just has to do it.

So if you want to do it, say so, and please feel free to canvas for
donations / funding / whatever you need to keep up whatever you need
to get it done. You don't need permission. Don't worry about how to
get it into the tree when you're done. Just do it.


On 20 July 2014 15:26, Daniel Feenberg <feenberg at nber.org> wrote:
> On Sun, 20 Jul 2014, Kurt Jaeger wrote:
>> Hi!
>>>> And you don't seem to get the point that _someone_ has to do the work.
>>>> No one has stepped up so far, so nothing is going to change.
>> Franco Fichtner said he's interested in doing it. He probably
>> needs funding.
>>> No one with authority has yet said that "If an updated pf were available,
>>>   would be welcomed".
>> Which person or group would you view as "authority" in this case ?
> I am not privy to the inner workings of the project, but surely a
> decision of this importance would come to the attention of the
> core team, who are listed at:
>   http://www.freebsd.org/administration.html#t-core
> A port of OpenBSD PF may be quite impractical or undesirable- I have no
> idea. However, if all potential contributions are viewed as criticism to be
> refuted, it will damage the ability of the project to attract contributors.
> Rather than telling a potential contributor that their efforts will never be
> included in the official distribution it would be more supportive of the
> project to say that a port of PF would be welcome as a port, but might have
> difficulty displacing current offering. That doesn't promise anything, but
> encourages involvement, if indeed involvement is desired.
> Daniel Feenberg
>> --
>> pi at opsec.eu            +49 171 3101372                         6 years to
>> go !
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

More information about the freebsd-questions mailing list