Re: Future of pf / firewall in FreeBSD ? - does it have one ?
--vKFfOv5t3oGVpiF+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels <lars.engels@0x20.net> wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two version=
s of
> >> pf on the bsd's at the user level, is a bad thing. It confuses people,
> >> which puts them off. Its a classic case of divide an conquer for other
> >> platforms. I really like the idea of the openpf version, that has been
> >> mentioned in this thread. It would be awesome if it ended up as a supp=
orted
> >> linux thing as well, so the world could be rid of iptables. However i =
guess
> >> thats just an unrealistic dream
> >
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
>=20
> Gleb believes that the majority of FreeBSD users don't want the
> updated syntax, among other changes, from the more recent pf versions.
> Developers who share his opinion are not going to volunteer to do the
> work. This discussion is about showing this belief to be wrong, which
> is the first step in the process.
>=20
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latter has to be done
> upstream, otherwise it'll always be a story of diverging codebases.
> Furthermore, if FreeBSD developers were willing to spend some time
> improving pf performance on OpenBSD, then Henning and other OpenBSD
> developers might be more receptive to changes that make the porting
> process easier.
smp is not the only change we did, if you forget about it you will also get=
into
other co plication to sync from openbsd
Bapt
--vKFfOv5t3oGVpiF+
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iEYEARECAAYFAlPL0swACgkQ8kTtMUmk6EwBswCgqZUTDayXXQbDxMeRDeluVpFF
lNcAn2Dpf2owQxkY4LO9vrXANQ9luA+u
=I8MY
-----END PGP SIGNATURE-----
--vKFfOv5t3oGVpiF+--
討論串 (同標題文章)
完整討論串 (本文為第 32 之 44 篇):