On Nov 20, 2012, at 7:46 AM, Odhiambo Washington <[email protected]> wrote:
> On Tue, Nov 20, 2012 at 5:23 AM, Paul Webster <[email protected] >> wrote: > >> Good day all, >> >> I am aware this is a much discussed subject since the upgrade of PF, I >> believe the final decision was that to many users are used to the old >> style pf and an upgrade to the new syntax would cause to much confusion. >> >> There was a recent debate on ##freebsd about this issue and I was inclined >> to mail in and get your opinions; basically it boiled down to the majority >> of users wanting either: >> >> 1) To move to the newer pf and just add to releases notes what had >> happened, >> and >> 2) my own personal opinion: creating 'pf2-*' as a kernel option tree, >> basically using the newer pf syntax and allowing users to choose. >> >> I would be interested to know the feedback from you guys as to be honest >> there seems to be quite a few users who actually DO want the new style >> format and functionality that comes with. >> >> I Attached the log of the conversation just for reference. >> >> > It's been difficult enough to maintain PF on FreeBSD because of the time > needed to be invested in the FreeBSD port. > This situation remains to date, from what I understand. I guess someone can > look at how many bugs/feature requests still remain open for PF on FreeBSD. > > I therefore feel that whoever wants to run PF should use a dedicated > OpenBSD box as a firewall/whatever they use PF for. > There is really no point trying to make FreeBSD be OpenBSD when it comes to > such requirements. Look at the advantages of "separation of power" - give > to OpenBSD the fireallpower and FreeBSD the serverpower. > > In keeping with the K.I.S.S principle, please let anyone needing new PF > syntax just use OpenBSD. > I for one can't agree with this line of thinking. The *only* reason we use fbsd at work is as firewalls, which sometimes also act as load balancers through the use of either relayd, nginx, and/or haproxy. The "real" servers themselves run debian and are much easier and convenient to upgrade. Following your logic, we'd ditch freebsd entirely, in my case ; way to erode the userbase. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
