You've convinced me. Why try to emulate something, even if it is just
cosmetic, that isn't as good? That's just going to obscure what pf
really is.

I must be honest though, I wouldn't know how to answer someone if they
asked me why pf is better than say an SRX or ASA firewall-router or
vice versa. I use OpenBSD/pf because it is Free and it does everything
I can think of. Theo compared junos vs pf, to shoes and a 737. That's
pretty exciting, but why? pf has done what I need it to do without me
needing to learn much about it I suppose. I can point out things I
like about each (I prefer rule processing order and 'quick' of pf to
anything else for example) but I wouldn't be able to provide anything
definitive and that's only because of my own ignorance.

Unless we are talking about things that are particularly interesting
to developers, which I am not, but I understand the value of an open
platform. I suppose that alone is enough to make the shoes vs 737
comparison, but I'm asking along the lines of things you can do simply
through configuration.


On Sat, Feb 16, 2013 at 9:20 AM, Matthew Weigel <uni...@idempot.net> wrote:
> On Feb 16, 2013, at 5:28 AM, Vadim Zhukov <persg...@gmail.com> wrote:
>
>> 2013/2/16 Fil DiNoto <fdin...@gmail.com>:
>>> But this is all off-topic, I'm not slamming pf in any way, I love it. I
>>> was just saying it can't hurt to try to emulate what people know if at
>>> all possible. And the fact is that junos/ios have the market share so
>>> that's what people know.
>
> Sorry, Vadim, for responding to Fil through your email.
>
> I think there is a real risk to trying to present an interface that is 
> reminiscent of other systems, that behave differently and do less. People 
> will begin to expect that pf does the same things - no more, no less. Power 
> that is specific to pf over other systems will be ignored, because people 
> will think that since they are familiar with the interface they know what 
> they're doing.
>
> Presenting a different interface is a FANTASTIC way to communicate 
> 'difference' to the user. It forces them to think about the difference
> sooner, rather than when things aren't working as expected (or after they've 
> bought more equipment on top of the OpenBSD firewall because "JunOS can't do 
> that").
>
> If that means people don't learn pf because they realize very quickly that 
> it's unlike anything they know... That is a SERVICE being provided. They knew 
> they didn't have the time to figure it out before they got ass-deep into it.
> --
>  Matthew Weigel
>  hacker
>  unique & idempot . ent
