From: Stephen Hurd
Date: Sun, 20 Jul 2014 14:41:29 -0700
To: krad
Cc: FreeBSD Mailing List, Gerrit Kühn, freebsd-current@freebsd.org, Gleb Smirnoff, Matt Bettinger
Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
Message-ID: <53CC3789.8060902@sasktel.net>
List-Id: Discussions about the use of FreeBSD-current

krad wrote:
> all of that is true, but you are missing the point. Having two
> versions of pf on the bsd's at the user level, is a bad thing. It
> confuses people, which puts them off. It's a classic case of divide and
> conquer for other platforms. I really like the idea of the openpf
> version, that has been mentioned in this thread. It would be awesome
> if it ended up as a supported linux thing as well, so the world could
> be rid of iptables. However I guess that's just an unrealistic dream

No, the point was that matching OpenBSD's pf syntax for the sake of the Google results isn't a valid reason to change it. I'm not saying there aren't any valid reasons, just that useless search results isn't one of them.

As for my opinion of the rule format changing, I'm fine with it as long as it happens on a major version release (i.e., 11.0) and is documented. If I want to use the old pf, I'll use an old FreeBSD.