Date: Mon, 18 Oct 2004 13:53:16 +0200 From: Max Laier <max@love2party.net> To: stheg olloydson <stheg_olloydson@yahoo.com> Cc: freebsd-pf@freebsd.org Subject: Re: Plans for 6-CURRENT and 5-STABLE Message-ID: <200410181353.24464.max@love2party.net> In-Reply-To: <20041018043106.57778.qmail@web53907.mail.yahoo.com> References: <20041018043106.57778.qmail@web53907.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1102097.YEOH9uDcCj Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Monday 18 October 2004 06:31, stheg olloydson wrote: > it was said by Max Laier on 17.10.04: > >There are some FreeBSD specific things that need improvement and clean > >up. This is the first task that I will work on in 6-CURRENT starting > >from now. > > > >Most prominently this includes the interface handling. There are some > >open problems to be addressed, such as the inability to recognize > >renamed interfaces as well as problems around 6to4. > > Does this include improvements in bridging? I saw your comments in a > reply to this list 15.10.04. on this issue that vast improvements to > FBSD's bridging support are needed to enable use of all of pf's > features. While I am not using bridging now, I will need to set it up > in six months or so. No. Bridgeing is a completely different story. I'd welcome an import of=20 if_bridge from Net/OpenBSD, but I will not have time to persue this. There= =20 was an effort to do so, but - unfortunately - I lost track of it. People=20 interested should find it in the -current or -net archives. > >Another big thing on the plate now, is a shared/exclusive lock semantic = for=20 > >the ruleset evaluation. This will not only speed things up by quite a bi= t,=20 > >but will also resolve the requirement to run with mpsafenet=3D0 if one w= ants=20 > >to use user/group based filter rules. =20 > > How badly does this impact now? This is a feature I have been looking > forward to using. Largely depends on your workload, hardware and so forth. If you have - for= =20 example - a fairly heavy loaded MySQL on a 4way Xeon box, you'd want to run= =20 with mpsafenet=3D1 (and hence avoid using user/group rules). On an UP box i= t=20 should not matter. > >All these projects will be merged into 5-STABLE once they have proven in= =20 > >HEAD.=20 > > Will they be merged to 5-RELEASE, as well? I prefer not to track > STABLE. There is no such thing as 5-RELEASE. RELENG_5_3 (which you might be confusi= ng=20 here) is solely for merging security fixes. All other changes go to RELENG_= 5=20 (aka 5-STABLE) and become part of the *next* release. > > Thanks for reading so far, please let me know your thoughts, concerns a= nd=20 > > questions. > > You're welcome. And thank you for your efforts in bring pf over from > OpenBSD! One final question: Considering the inevitable loss of sync > with the OBSD version, is separate FreeBSD-centric documentation > planned? I ask because currently all docs are done by OBSD people, as > far as I can tell. (I'd be willing to try my hand at this if someone > doesn't mind my asking a lot of questions.) The firewall chapter of the Handbook is being revised to give some informat= ion=20 about PF as well. This will link to the OpenBSD PF-FAQ - an extra ordinary= =20 piece of documentation - for now. Depending on "how bad" we diverge from=20 OpenBSD we will either maintain our own version of the FAQ or (more likely)= =20 describe the "delta" between Open- and FreeBSD's PF in the handbook's=20 firewall chapter and continue to reference the FAQ. At the moment the=20 difference between OpenBSD 3.5 PF and FreeBSD 5.3 PF is negligible. But of course, you are more than welcome to read the existing documentation= ,=20 to identify problems and differences and eventually provide solutions. Aski= ng=20 questions is not a problem either. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1102097.YEOH9uDcCj Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQBBc660XyyEoT62BG0RAkKrAJ9FJIb8e4Ca4b1mxitlJwKXDr9ZMQCdHxux z6kgcCGNdC8kS3t16S+AJqg= =sRgV -----END PGP SIGNATURE----- --nextPart1102097.YEOH9uDcCj--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200410181353.24464.max>