Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-20 Thread Daniel Feenberg



On Sun, 20 Jul 2014, Lars Engels wrote:

> On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
>
>> All of that is true, but you are missing the point. Having two versions of
>> pf on the BSDs at the user level is a bad thing. It confuses people,
>> which puts them off. It's a classic case of divide and conquer for other
>> platforms. I really like the idea of the openpf version that has been
>> mentioned in this thread. It would be awesome if it ended up as a supported
>> Linux thing as well, so the world could be rid of iptables. However, I guess
>> that's just an unrealistic dream.
>
> And you don't seem to get the point that _someone_ has to do the work.
> No one has stepped up so far, so nothing is going to change.



No one with authority has yet said that "If an updated pf were available,
it would be welcomed". Rather they have said "An updated pf would not be
suitable, as it would be incompatible with existing configuration files".
If the latter is indeed the case, there is little incentive for anyone
to go to the effort of porting the newer pf. After all, the reward for
the work is chiefly in glory, and if there is to be no glory, the work
is unlikely to be done.

I do not have a horse in this race.

Daniel Feenberg
NBER
___
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: Future of pf / firewall in FreeBSD ? - does it have one ?

2014-07-20 Thread Daniel Feenberg



On Sun, 20 Jul 2014, Kurt Jaeger wrote:

> Hi!
>
>> And you don't seem to get the point that _someone_ has to do the work.
>> No one has stepped up so far, so nothing is going to change.
>
> Franco Fichtner said he's interested in doing it. He probably
> needs funding.
>
>> No one with authority has yet said that "If an updated pf were available,
>> it would be welcomed".
>
> Which person or group would you view as "authority" in this case?



I am not privy to the inner workings of the project, but surely a
decision of this importance would come to the attention of the
core team, who are listed at:

  http://www.freebsd.org/administration.html#t-core

A port of OpenBSD PF may be quite impractical or undesirable - I have no
idea. However, if all potential contributions are viewed as criticism to
be refuted, it will damage the ability of the project to attract
contributors. Rather than telling a potential contributor that their
efforts will never be included in the official distribution, it would be
more supportive of the project to say that a port of PF would be welcome
as a port, but might have difficulty displacing the current offering. That
doesn't promise anything, but encourages involvement, if indeed
involvement is desired.


Daniel Feenberg

