From: "George Neville-Neil"
To: "Kristof Provost"
Cc: rgrimes@freebsd.org, "Andrey V. Elsukov", "Mateusz Guzik", src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl
Date: Wed, 03 Apr 2019 17:27:26 -0400

On 1 Apr 2019, at 12:16, Kristof Provost wrote:

> On 1 Apr 2019, at 15:48, Rodney W. Grimes wrote:
>> [ Charset UTF-8 unsupported, converting... ]
>>> On 01.04.2019 16:30, Rodney W. Grimes wrote:
>>> It seems it is too late:
>>> https://marc.info/?l=openbsd-tech&m=155409489427092&w=2
>>
>> I am wondering on the above as it has a date of:
>> Date: 2019-04-01 5:01:03
>>
>> which would be in line with Kristof's joke.
>>
> Yes, OpenBSD are clearly joking as well.
>
>>> http://mail-index.netbsd.org/tech-kern/2019/03/29/msg024883.html
>> This is inline with what is being proposed here, NetBSD has
>> old rotted code that needs updated.
>
> [Disclaimer: I do not speak for NetBSD, and based this on my reading
> of that thread]
>
> NetBSD however are serious.
> Their situation is slightly different, in that their primary reason is
> that they don’t have a maintainer for their pf version and it’s
> suffering from significant bitrot.
>
> Our situation is somewhat better. Our pf is maintained and does get
> bug fixes and improvements. Not as many as I’d like, but there’s
> something.
>
>> Rather than do that work
>> twice, do it 1.5 times (implementing the same technology in
>> 2 OS's should be less work than doing it twice.)
>>
>> I believe there is grant money available from a non Foundation
>> source that could be used to do this work.
>>
> I’m not at all opposed to updating our pf, but there are a few
> obstacles (technical: performance, syntax and vimage. Practical: this
> is a lot of work). If people are interested in that discussion I’d
> propose someone start a new thread on freebsd-pf@, and I’ll expand
> on what I think the problems are and what needs to be done.
>
> I’d also be interested in knowing what people are looking for from
> an updated pf in FreeBSD. What are the improvements in OpenBSD that
> you’d really like to see in FreeBSD?
>

In the age of NAT do we really need a firewall?

Yes, it's April 3rd but, you did start it :-)

Best
George