Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Cy Schubert <Cy.Schubert <at> komquats.com>
2014-07-23 19:59:30 GMT
In message <53CCF596.1070302 <at> yandex.ru>, "Andrey V. Elsukov" writes:
> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
> On 20.07.2014 18:15, Maxim Khitrov wrote:
> > In my opinion, the way forward is to forget (at least temporarily) the
> > SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> > follow their releases as closely as possible, and then try to
> > reintroduce all the SMP work. I think the latter has to be done
> > upstream, otherwise it'll always be a story of diverging codebases.
> > Furthermore, if FreeBSD developers were willing to spend some time
> > improving pf performance on OpenBSD, then Henning and other OpenBSD
> > developers might be more receptive to changes that make the porting
> > process easier.
> Even if you just drop current PF from FreeBSD, there is nobody, who want
> to port new PF from OpenBSD. And this is not easy task, as you may
> think. Gleb has worked on rewriting PF more than half year. So, return
> back all improvements after import will be hard enough and, again,
> nobody want to do it. :)
One way or another something needs to be done and agreed it would be a lot
of work. Our options are,
a) Import OpenBSD pf thereby throwing away our current investment in pf.
All our work to get it up to snuff with our IP stack, SMP, and VIMAGE would
be all for naught. We do get a new pf though. Won't be a quality port
though. Personally, not my #1 option.