Date: Thu, 27 May 2010 19:32:33 +0200 (CEST) From: Mohacsi Janos <mohacsi@niif.hu> To: Martin Matuska <mm@FreeBSD.org> Cc: freebsd-pf@freebsd.org Subject: Re: Base import proposal: relayd Message-ID: <alpine.BSF.2.00.1005271926300.57772@mignon.ki.iif.hu> In-Reply-To: <4BFE7B74.4050709@FreeBSD.org> References: <4BFE5A26.8030301@FreeBSD.org> <201005271534.27006.max@love2party.net> <4BFE7B74.4050709@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-568278634-1274981343=:57772 Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-2; FORMAT=flowed Content-Transfer-Encoding: 8BIT Content-ID: <alpine.BSF.2.00.1005271932091.57772@mignon.ki.iif.hu> Dear All, I would appricate the fixes in ports tree first. I use relayd for a while on FreeBSD 7 stable. I have problem with the tcp checking. Janos Mohacsi Head of HBONE+ project Network Engineer, Deputy Director of Network Planning and Projects NIIF/HUNGARNET, HUNGARY Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882 On Thu, 27 May 2010, Martin Matuska wrote: > Well, what relayd actually provides is level 3 and level 7 reverse proxy > (with transparency support) and a load-balancer. > > We could say that this can be seen as a "frontend to pf", but also as a > level 7 reverse proxy like varnish or pound. I have experience with all > of these. The configuration file syntax matches pf.conf(5). People with > pf(4) skills can take a benefit of it, for me it was the daemon I was > searching for a long time. > > Why putting it in base? We could provide an out-of-the box load-blancing > solution with service availability checking. > This is indeed very useful when FreeBSD is used as a (load-balancing) > firewall. In addition, the code is quite small and easy to integrate. > > On the other hand, the current port (dating december 2007) is in a very > buggy state and I do not recommend using it, as it might easily confuse > your pf. The bugs are major, e.g. not cleaning pf rules/tables/anchors > on exit or segfault on reloading a mistyped configuration file. > > As an alternative I would like to maintain the port, I am already trying > to get in touch with Jun Kuriyama. > > Cheers, > mm > > Dňa 27. 5. 2010 15:34, Max Laier wrote / napísal(a): >> Hello Martin, >> >> On Thursday 27 May 2010 13:40:22 Martin Matuska wrote: >> >>> Comments and suggestions are welcome. >>> >> first off, thank you for your interest in pf - more hands are greatly >> appreciated! >> >> On the $subj, I'm not sure what the added benefit of relayd in base is. >> Having it in ports makes it easier to pull in new features/releases. The same >> could be said for (t)ftp-proxy, but it was decided that ftp NAT support is a >> *basic* function of any firewall and therefore should be in the base system. >> >> Can you share your reasons for wanting it in base as opposed to ports? >> >> On the nitpicking side of things - from a quick glance: The build of >> relayd/ctl should probably be conditional on WITHOUT_PF. >> >> Thanks, >> Max >> > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > --0-568278634-1274981343=:57772--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1005271926300.57772>