Base import proposal: relayd
Max Laier
max at love2party.net
Thu May 27 14:57:08 UTC 2010
On Thursday 27 May 2010 16:02:28 Martin Matuska wrote:
> Well, what relayd actually provides is level 3 and level 7 reverse proxy
> (with transparency support) and a load-balancer.
>
> We could say that this can be seen as a "frontend to pf", but also as a
> level 7 reverse proxy like varnish or pound. I have experience with all
> of these. The configuration file syntax matches pf.conf(5). People with
> pf(4) skills can take a benefit of it, for me it was the daemon I was
> searching for a long time.
>
> Why putting it in base? We could provide an out-of-the box load-blancing
> solution with service availability checking.
> This is indeed very useful when FreeBSD is used as a (load-balancing)
> firewall. In addition, the code is quite small and easy to integrate.
>
> On the other hand, the current port (dating december 2007) is in a very
> buggy state and I do not recommend using it, as it might easily confuse
> your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors
> on exit or segfault on reloading a mistyped configuration file.
>
> As an alternative I would like to maintain the port, I am already trying
> to get in touch with Jun Kuriyama.
I don't mean to stop you ... it's just my opinion that a port is easier kept
up-to-date and the more convenient choice for most users. I wasn't aware that
the current port has issues, I don't use relayd.
In any case, please go ahead with whichever solution you find the most
convenient and let me know if you need any help. If you decide to go for the
base import, you might want to bring it up on net@ - as I'm sure the people on
there will have an opinion and it's always a good idea to have the discussion
before the commit.
Thanks,
Max
More information about the freebsd-pf
mailing list