svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl

George Neville-Neil gnn at neville-neil.com
Tue Sep 3 14:06:11 UTC 2019 


On 1 Apr 2019, at 12:16, Kristof Provost wrote:

> On 1 Apr 2019, at 15:48, Rodney W. Grimes wrote:
>> [ Charset UTF-8 unsupported, converting... ]
>>> On 01.04.2019 16:30, Rodney W. Grimes wrote:
>>> It seems it is too late:
>>> 	https://marc.info/?l=openbsd-tech&m=155409489427092&w=2
>>
>> I am wondering on the above as it has a date of:
>> Date:       2019-04-01 5:01:03
>>
>> which would be in line with Kristof's joke.
>>
> Yes, OpenBSD are clearly joking as well.
>
>>> 	http://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html
>> This is inline with what is being proposed here, NetBSD has
>> old rotted code that needs updated.
>
> [Disclaimer: I do not speak for NetBSD, and based this on my reading 
> of that thread]
>
> NetBSD however are serious.
> Their situation is slightly different, in that their primary reason is 
> that they don’t have a maintainer for their pf version and it’s 
> suffering from significant bitrot.
>
> Our situation is somewhat better. Our pf is maintained and does get 
> bug fixes and improvements. Not as many as I’d like, but there’s 
> something.
>
>> Rather than do that work
>> twice, do it 1.5 times (implementing the same technology in
>> 2 OS's should be less work than doing it twice.)
>>
>> I believe there is grant money avaliable from a non Foundation
>> source that could be used to do this work.
>>
> I’m not at all opposed to updating our pf, but there are a few 
> obstacles (technical: performance, syntax and vimage. Practical: this 
> is a lot of work). If people are interested in that discussion I’d 
> propose someone start a new thread on freebsd-pf@, and I’ll expand 
> on what I think the problems are and what needs to be done.
>
> I’d also be interested in knowing what people are looking for from 
> an updated pf in FreeBSD. What are the improvements in OpenBSD that 
> you’d really like to see in FreeBSD?
>
In the age of NAT do we really need a firewall?

Yes, it's April 3rd but, you did start it :-)

Best
George

More information about the svn-src-projects mailing list