On 8/1/14, 3:39 PM, krad wrote:
I always found natting in ipfw rather awkward and harder than in pf.
Looking at the man page it doesnt seem to have changed. I should probably
give it another go though as it has been about 10 years now
since ipfw now has a 'nat' keyword you might say that is has c
Cy Schubert wrote this message on Wed, Jul 23, 2014 at 09:18 -0700:
> In message om>
> , Adrian Chadd writes:
> > On 18 July 2014 07:34, krad wrote:
> > > that is true and I have not problem using man pages, however thats not the
> > > way most of the world work and search engines arent exactly n
On Aug 1, 2014, at 8:46, Mark Felder wrote:
> I personally use pf for many reasons, spamd included. I don't think anyone
> out there is interested in forking spamd to play ball with ipfw so we would
> also be alienating these users who can't just change packet filters. Is there
> even an equiv
In freebsd-questions Digest, Vol 530, Issue 5, Message: 1
On Thu, 31 Jul 2014 22:02:22 +1000 Da Rock
wrote:
> On 07/29/14 20:35, Gleb Smirnoff wrote:
> > On Sun, Jul 20, 2014 at 12:30:59PM -0400, Mike. wrote:
> > M> |> imho, the root problem here is that an effort to implement a
> > M> single
July 31 2014 2:41 AM, "Darren Pilgrim" wrote:
>>
>> No. I believe pf should be removed from FreeBSD and efforts refocused
>> on keeping ipfw up to date and feature complete. It makes more sense to
>> look at what pf, ipf, nbtables, etc. are all doing as a source of ideas
>> for what we can do with
------
From:"krad";
Date:2014??8??1??(??) 3:39
To:"Gleb Smirnoff";
Cc:"freebsd-current";"FreeBSD
Questions";
Subject:Re: Future of pf / firewall in FreeBSD ? - does it have one ?
I always found natting in ipfw rather awkward and harder than in pf.
Looking at the
------
From:"krad";
Date:2014??8??1??(??) 3:39
To:"Gleb Smirnoff";
Cc:"freebsd-current";"FreeBSD
Questions";
Subject:Re: Future of pf / firewall in FreeBSD ? - does it have one ?
I always found natting in ipfw rather awkward and harder than in pf.
Looking at the
I always found natting in ipfw rather awkward and harder than in pf.
Looking at the man page it doesnt seem to have changed. I should probably
give it another go though as it has been about 10 years now
On 31 July 2014 14:41, Gleb Smirnoff wrote:
> On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da R
On Thu, Jul 31, 2014 at 10:02:22PM +1000, Da Rock wrote:
D> Without diminishing your efforts so far, what do you think about
D> pitching all efforts into IPFW to combine effort and reduce overhead of
D> maintaining separate firewalls in the core? Is there an advantage to
D> having our own pf?
I
On 07/29/14 20:35, Gleb Smirnoff wrote:
On Sun, Jul 20, 2014 at 12:30:59PM -0400, Mike. wrote:
M> |> imho, the root problem here is that an effort to implement a
M> single
M> |> feature improvement (multi-threading) has caused the FreeBSD
M> version
M> |> of pf to apparently reach a near-unmainta
On 30/07/2014 2:54 AM, Kevin Oberman wrote:
> ...
> I would hope that is not the case. While NAT66 is "well known" and has been
> a topic of discussion for years, NPT66 is relatively new. It does share
> many concepts with NAT66 (and, most likely implementations also share
> code), but does not req
On 7/29/2014 3:18 AM, Gleb Smirnoff wrote:
Darren,
On Sat, Jul 19, 2014 at 09:36:06PM -0700, Darren Pilgrim wrote:
D> Never mistake silence for consent.
D>
D> The vast majority of people don't know pf is outdated and broken on
D> FreeBSD because they don't know what they're missing and likely
On 29 July 2014 09:54, Kevin Oberman wrote:
> On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec > wrote:
>
>> me wrote:
>>
>>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>>> world),
>>> and NPT66 (prefix transalation). I doubt anyone had a traditional NAT in
>>> mind.
>>>
>>
On Tue, Jul 29, 2014 at 7:48 AM, Mark Martinec wrote:
> me wrote:
>
>> we are talking about NAT64 (IPv6-only datacenter's path to a legacy
>> world),
>> and NPT66 (prefix transalation). I doubt anyone had a traditional NAT in
>> mind.
>>
>
> Kevin Oberman wrote:
>
>> No, all of the messages in th
me wrote:
we are talking about NAT64 (IPv6-only datacenter's path to a legacy
world),
and NPT66 (prefix transalation). I doubt anyone had a traditional NAT
in mind.
Kevin Oberman wrote:
No, all of the messages in the thread are specific about NAT66, not
NPT66.
NPT66 may have real value. I ha
In message
, Kevin Oberman writes:
> On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed wrote:
>
> > On 27/07/2014 4:43 AM, Cy Schubert wrote:
> > > In message <53d395e4.1070...@fastmail.net>, Darren Reed writes:
> > >> On 24/07/2014 1:42 AM, Cy Schubert wrote:
> > > But, lack of ipv6 fragment pro
Yet another top reply to everyone.
If anyone is interested in maintaining our FreeBSD version of pf
and taking strategically right (my opinion!) steps in its life, here
is a short TODO list:
1) Make Peter and FreeBSD cluster happy. Work on the IPv6 fragments
handling. IMHO, the right way woul
Replying to the top of the thread, but the text is actually
reply to those people in the thread, who eager for import of
new pf from OpenBSD.
So, I claim that there is a vast and silent majority of people
who simply use pf and do not want the hassle with broken pf.conf.
I also claim that there
On Sun, Jul 20, 2014 at 12:30:59PM -0400, Mike. wrote:
M> |> imho, the root problem here is that an effort to implement a
M> single
M> |> feature improvement (multi-threading) has caused the FreeBSD
M> version
M> |> of pf to apparently reach a near-unmaintainable position in the
M> |> FreeBSD commu
Darren,
On Sat, Jul 19, 2014 at 09:36:06PM -0700, Darren Pilgrim wrote:
D> Never mistake silence for consent.
D>
D> The vast majority of people don't know pf is outdated and broken on
D> FreeBSD because they don't know what they're missing and likely aren't
D> using IPv6 yet. The moment you
On 29/07/2014 8:07 AM, Kevin Oberman wrote:
...
> And all IPv6 NAT is evil and should be cast into (demonic residence
> of your choosing) on sight!
For the most part, I agree with you but the problem is "checkbox"
comparisons. That IPv6 shouldn't be NAT'd is why I didn't implement
it for such a lo
On 2014-07-29 0:07, Kevin Oberman wrote:
And all IPv6 NAT is evil and should be cast into (demonic residence of your
choosing) on sight!
NAT on IPv6 serves no useful purpose at all. It only serves to complicate
things and make clueless security officers happy. It adds zero security. It
is a gre
On Mon, Jul 28, 2014 at 4:21 PM, Mark Martinec wrote:
> On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed wrote:
>>
>>> [...]
>>>
>>> IPFilter 5 does IPv6 NAT.
>>>
>>> With the import of 5.1.2, map, rdr and rewrite rules will all work with
>>> IPv6 addresses.
>>>
>>> NAT66 is a specific implementatio
On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed
wrote:
[...]
IPFilter 5 does IPv6 NAT.
With the import of 5.1.2, map, rdr and rewrite rules will all work
with
IPv6 addresses.
NAT66 is a specific implementation of IPv6 NAT behaviour.
2014-07-29 00:07 Kevin Oberman wrote:
And all IPv6 NAT is ev
On Mon, Jul 28, 2014 at 2:41 AM, Darren Reed wrote:
> On 27/07/2014 4:43 AM, Cy Schubert wrote:
> > In message <53d395e4.1070...@fastmail.net>, Darren Reed writes:
> >> On 24/07/2014 1:42 AM, Cy Schubert wrote:
> > But, lack of ipv6 fragment processing still causes ongoing pain.
> That'=
> >
On 27/07/2014 4:43 AM, Cy Schubert wrote:
> In message <53d395e4.1070...@fastmail.net>, Darren Reed writes:
>> On 24/07/2014 1:42 AM, Cy Schubert wrote:
> But, lack of ipv6 fragment processing still causes ongoing pain. That'=
> s our=20
> #1 wish list item for the cluster.
>>> Taking
In message <53d395e4.1070...@fastmail.net>, Darren Reed writes:
> On 24/07/2014 1:42 AM, Cy Schubert wrote:
> >>>
> >>> But, lack of ipv6 fragment processing still causes ongoing pain. That'=
> >>> s our=20
> >>> #1 wish list item for the cluster.
> > Taking this discussion slightly sideways but t
The flow in both directions has to include:
* better locking / parallelism
* virtualised forwarding support (ie, vimage)
If he's happy to include some stubs for that, then sure. I think both
dfbsd and freebsd can use the same pf.
-a
On 26 July 2014 08:27, Mark Felder wrote:
> We've already h
We've already heard of Henning offering to help port a new pf but the olive
branch has been extended even further. He responded to some comments of mine on
twitter:
@HenningBrauer: @rhymebyter @feldpos I offered help/advice to whomever
seriously attempts to update pf in @dragonflybsd AND @freeb
On 24/07/2014 1:42 AM, Cy Schubert wrote:
>>>
>>> But, lack of ipv6 fragment processing still causes ongoing pain. That'=
>>> s our=20
>>> #1 wish list item for the cluster.
> Taking this discussion slightly sideways but touching on this thread a
> little, each of our packet filters will need nat
Sorry for the late reply. It's a busy time right now.
In message <53d0239d.1050...@a1poweruser.com>, Fbsd8 writes:
> Cy Schubert wrote:
> >> On 20.07.2014 18:15, Maxim Khitrov wrote:
> >>> In my opinion, the way forward is to forget (at least temporarily) the
> >>> SMP changes, bring pf in sync wi
On Wednesday 23 July 2014 20:59:19 Bjoern A. Zeeb wrote:
> On 23 Jul 2014, at 20:41 , Allan Jude wrote:
> > On 2014-07-23 16:38, Bjoern A. Zeeb wrote:
> >> On 23 Jul 2014, at 15:42 , Cy Schubert wrote:
> >>> Taking this discussion slightly sideways but touching on this thread a
> >>> little, each
> On Jul 24, 2014, at 13:43, Mark Felder wrote:
>
> Upstream pf from OpenBSD has removed this feature entirely and (I believe)
> reworked their scrubbing, but I don't know the details. I can confirm that
> when reassemble tcp existed on OpenBSD it never broke traffic for me.
>
I'm wrong; re
> On Jul 23, 2014, at 15:59, Bjoern A. Zeeb
> wrote:
>
> There was (is?) another case that in certain situations with certain pf
> options IPv6/ULP packets would not pass or get corrupted. I think no one who
> experienced it never tracked it down to the code but I am sure there are PRs
> fo
Cy Schubert wrote:
In message <53ccf596.1070...@yandex.ru>, "Andrey V. Elsukov" writes:
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--EITUmaAVUtsHLdssNwHpA0G0W8jTQ9d3L
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 20.07.2014 18:15, Ma
On 23 Jul 2014, at 20:41 , Allan Jude wrote:
> On 2014-07-23 16:38, Bjoern A. Zeeb wrote:
>> On 23 Jul 2014, at 15:42 , Cy Schubert wrote:
>>
>>> Taking this discussion slightly sideways but touching on this thread a
>>> little, each of our packet filters will need nat66 support too. Pf doesn
On 2014-07-23 16:38, Bjoern A. Zeeb wrote:
> On 23 Jul 2014, at 15:42 , Cy Schubert wrote:
>
>> Taking this discussion slightly sideways but touching on this thread a
>> little, each of our packet filters will need nat66 support too. Pf doesn't
>> support it for sure. I've been told that ipfw m
On 23 Jul 2014, at 15:42 , Cy Schubert wrote:
> Taking this discussion slightly sideways but touching on this thread a
> little, each of our packet filters will need nat66 support too. Pf doesn't
> support it for sure. I've been told that ipfw may and I suspect ipfilter
> doesn't as it was on
In message , Daniel
Feenberg
writes:
>
>
> On Sun, 20 Jul 2014, Lars Engels wrote:
>
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is a bad thing. It confuses peo
In message <53ccf596.1070...@yandex.ru>, "Andrey V. Elsukov" writes:
> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
> --EITUmaAVUtsHLdssNwHpA0G0W8jTQ9d3L
> Content-Type: text/plain; charset=ISO-8859-1
> Content-Transfer-Encoding: quoted-printable
>
> On 20.07.2014 18:15, Maxim Khitro
In message <20381608.hhy3qfh...@overcee.wemm.org>, Peter Wemm writes:
> On Saturday 19 July 2014 13:06:52 Baptiste Daroussin wrote:
> > On Fri, Jul 18, 2014 at 03:22:18PM -0400, Allan Jude wrote:
> > > On 2014-07-18 15:07, Adrian Chadd wrote:
> > > > On 18 July 2014 07:34, krad wrote:
> > > >> tha
In message
, Adrian Chadd writes:
> On 18 July 2014 07:34, krad wrote:
> > that is true and I have not problem using man pages, however thats not the
> > way most of the world work and search engines arent exactly new either. We
> > should be trying to engage more people not less, and part of tha
On 21/07/2014 5:14 AM, Eric Masson wrote:
> krad writes:
>
> Hi,
>
>> I really like the idea of the openpf version, that has been mentioned
>> in this thread.
> It would be nice but as it's been written in this thread, Open & Free
> internals are quite different beasts, goals are different on both
d-curr...@freebsd.org [mailto:owner-freebsd-
> curr...@freebsd.org] On Behalf Of Allan Jude
> Sent: 22 July, 2014 7:13
> To: freebsd-current@freebsd.org
> Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
>
> On 2014-07-21 09:57, bycn82 wrote:
> > There is no
FWIW, and while I still wonder why we need three packet filters …
There is yet another firewall implementation in NetBSD:
http://www.netbsd.org/~rmind/npf/
It seems to be more portable, it is thought with SMP-friendliness in mind and
according to a EuroBSDCon talk ports for FreeBSD and Illumos
On 2014-07-21 09:57, bycn82 wrote:
> There is no doubt that PF is a really good firewall, But we should noticed
> that there is an ipfw which is originally from FreeBSD while PF is from
> OpenBSD.
>
> If there is a requirement that PF can meet but ipfw cannot, then I think it
> is better to imp
Hi Julian,
On 21 Jul 2014, at 05:15, Julian Elischer wrote:
> Most people I talk to just use ipfw and couldn't care whether pf lives or
> dies. They have simple requirements and almost any filter would suffice. I
> haven't found anything I'd want to use pf for that ipfw doesn't allow me to
On Behalf Of Andreas Nilsson
> Sent: 21 July, 2014 19:46
> To: sth...@nethelp.no
> Cc: Maxim Khitrov; Current FreeBSD; Mailinglists FreeBSD
> Subject: Re: Future of pf / firewall in FreeBSD ? - does it have one ?
>
> On Mon, Jul 21, 2014 at 8:56 AM, wrote:
>
> > &g
On Mon, Jul 21, 2014 at 8:56 AM, wrote:
> > > > Also, the openbsd stack has some essential features missing in
> freebsd,
> > > > like mpls and md5 auth for bgp sessions.
> > >
> > > I use MD5 auth for BGP sessions every day (and have been doing so for
> > > several releases). One could definitel
On 20.07.2014 18:15, Maxim Khitrov wrote:
> In my opinion, the way forward is to forget (at least temporarily) the
> SMP changes, bring pf in sync with OpenBSD, put a policy in place to
> follow their releases as closely as possible, and then try to
> reintroduce all the SMP work. I think the latte
> > > Also, the openbsd stack has some essential features missing in freebsd,
> > > like mpls and md5 auth for bgp sessions.
> >
> > I use MD5 auth for BGP sessions every day (and have been doing so for
> > several releases). One could definitely wish for better integration -
> > having to specify
> Also, the openbsd stack has some essential features missing in freebsd,
> like mpls and md5 auth for bgp sessions.
I use MD5 auth for BGP sessions every day (and have been doing so for
several releases). One could definitely wish for better integration -
having to specify MD5 key both in /etc/ip
On Mon, Jul 21, 2014 at 7:41 AM, wrote:
> > Also, the openbsd stack has some essential features missing in freebsd,
> > like mpls and md5 auth for bgp sessions.
>
> I use MD5 auth for BGP sessions every day (and have been doing so for
> several releases). One could definitely wish for better inte
On Mon, Jul 21, 2014 at 5:24 AM, Julian Elischer wrote:
> On 7/21/14, 7:27 AM, Andreas Nilsson wrote:
>
>> On Sun, Jul 20, 2014 at 7:41 PM, Alexander Kabaev
>> wrote:
>>
>> On Sun, 20 Jul 2014 10:15:36 -0400
>>> Maxim Khitrov wrote:
>>>
>>> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels
w
On 7/21/14, 7:27 AM, Andreas Nilsson wrote:
On Sun, Jul 20, 2014 at 7:41 PM, Alexander Kabaev wrote:
On Sun, 20 Jul 2014 10:15:36 -0400
Maxim Khitrov wrote:
On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels
wrote:
On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
all of that is true, but
On 7/20/14, 12:36 PM, Darren Pilgrim wrote:
The vast majority of people don't know pf is outdated and broken on
FreeBSD because they don't know what they're missing and likely
aren't using IPv6 yet.
s/IPv6/pf/
Most people I talk to just use ipfw and couldn't care whether pf lives
or dies.
On Sun, 20 Jul 2014, Kurt Jaeger wrote:
Hi!
And you don't seem to get the point that _someone_ has to do the work.
No one has stepped up so far, so nothing is going to change.
Franco Fichtner said he's interested in doing it. He probably
needs funding.
No one with authority has yet said
On Sun, Jul 20, 2014 at 7:41 PM, Alexander Kabaev wrote:
> On Sun, 20 Jul 2014 10:15:36 -0400
> Maxim Khitrov wrote:
>
> > On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels
> > wrote:
> > > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> > >> all of that is true, but you are missing the poin
Noone needs to say "you can do X." You can just fork freebsd in
whatever form you want, update to the latest github and work to
eventually get it included. Or you could treat it as an entirely
external-from-system plugin module that you compile up - the packet
filter hooks API lets you do this rela
krad wrote:
> all of that is true, but you are missing the point. Having two
> versions of pf on the bsd's at the user level, is a bad thing. It
> confuses people, which puts them off. Its a classic case of divide an
> conquer for other platforms. I really like the idea of the openpf
> version, tha
Hi!
> > And you don't seem to get the point that _someone_ has to do the work.
> > No one has stepped up so far, so nothing is going to change.
Franco Fichtner said he's interested in doing it. He probably
needs funding.
> No one with authority has yet said that "If an updated pf were available,
On Jul 20, 2014, at 11:35 AM, Daniel Feenberg wrote:
> Rather they have said "An updated pf would not be
> suitable, as it would be incompatible with existing configuration files".
A major FreeBSD version increment is allowed to break that level of backwards
compatibility. Nothing prevents th
On Sun, 20 Jul 2014, Lars Engels wrote:
On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
all of that is true, but you are missing the point. Having two versions of
pf on the bsd's at the user level, is a bad thing. It confuses people,
which puts them off. Its a classic case of divide an
krad writes:
Hi,
> I really like the idea of the openpf version, that has been mentioned
> in this thread.
It would be nice but as it's been written in this thread, Open & Free
internals are quite different beasts, goals are different on both
platforms, so I doubt OpenPF will exist in the futur
On Sun, 20 Jul 2014 10:15:36 -0400
Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels
> wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two
> >> versions of pf on the bsd's at the user level, is a b
On 7/20/2014 at 5:38 PM Franco Fichtner wrote:
|On 20 Jul 2014, at 15:39, Mike. wrote:
|
|> imho, the root problem here is that an effort to implement a
single
|> feature improvement (multi-threading) has caused the FreeBSD
version
|> of pf to apparently reach a near-unmaintainable position in th
On 20 Jul 2014, at 15:39, Mike. wrote:
> imho, the root problem here is that an effort to implement a single
> feature improvement (multi-threading) has caused the FreeBSD version
> of pf to apparently reach a near-unmaintainable position in the
> FreeBSD community because improvements from OpenB
On 7/19/2014 at 9:36 PM Darren Pilgrim wrote:
|On 7/18/2014 6:51 AM, Franco Fichtner wrote:
| [snip]
|
|
|All because over half a decade ago some folks got all butthurt over
a
|config file format change.
=
I'm juggling two formats for specifying NIC configurations in
rc.conf, one o
On Sun, Jul 20, 2014 at 10:15:36AM -0400, Maxim Khitrov wrote:
> On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels wrote:
> > On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> >> all of that is true, but you are missing the point. Having two versions of
> >> pf on the bsd's at the user level, is
On Sun, Jul 20, 2014 at 8:39 AM, Lars Engels wrote:
> On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
>> all of that is true, but you are missing the point. Having two versions of
>> pf on the bsd's at the user level, is a bad thing. It confuses people,
>> which puts them off. Its a classic
On Sun, Jul 20, 2014 at 12:18:54PM +0100, krad wrote:
> all of that is true, but you are missing the point. Having two versions of
> pf on the bsd's at the user level, is a bad thing. It confuses people,
> which puts them off. Its a classic case of divide an conquer for other
> platforms. I really
all of that is true, but you are missing the point. Having two versions of
pf on the bsd's at the user level, is a bad thing. It confuses people,
which puts them off. Its a classic case of divide an conquer for other
platforms. I really like the idea of the openpf version, that has been
mentioned i
On 19 July 2014 21:36, Darren Pilgrim wrote:
> On 7/18/2014 6:51 AM, Franco Fichtner wrote:
>>>
>>> c) We never got the new syntax from OpenBSD 4.7's pf - at the time a long
>>> discussion on the pf-mailing list flamed the new syntax saying it would
>>> cause FreeBSD administrators too much headac
On 7/18/2014 6:51 AM, Franco Fichtner wrote:
c) We never got the new syntax from OpenBSD 4.7's pf - at the time a long
discussion on the pf-mailing list flamed the new syntax saying it would cause
FreeBSD administrators too much headache. Today on the list it seems everyone
wants it - so would
On Saturday 19 July 2014 13:06:52 Baptiste Daroussin wrote:
> On Fri, Jul 18, 2014 at 03:22:18PM -0400, Allan Jude wrote:
> > On 2014-07-18 15:07, Adrian Chadd wrote:
> > > On 18 July 2014 07:34, krad wrote:
> > >> that is true and I have not problem using man pages, however thats not
> > >> the
>
On Sat, Jul 19, 2014 at 6:50 AM, Mark Felder wrote:
>
> On Jul 19, 2014, at 3:35, Andreas Nilsson wrote:
>
> > On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <
> > list_free...@bluerosetech.com> wrote:
> >
> >> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
> >>
> >>> K> b) We are a major release a
On Jul 19, 2014, at 3:35, Andreas Nilsson wrote:
> On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <
> list_free...@bluerosetech.com> wrote:
>
>> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
>>
>>> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
>>> K> following OpenBSD's p
On Fri, Jul 18, 2014 at 03:22:18PM -0400, Allan Jude wrote:
> On 2014-07-18 15:07, Adrian Chadd wrote:
> > On 18 July 2014 07:34, krad wrote:
> >> that is true and I have not problem using man pages, however thats not the
> >> way most of the world work and search engines arent exactly new either.
On Sat, Jul 19, 2014 at 4:40 AM, Darren Pilgrim <
list_free...@bluerosetech.com> wrote:
> On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
>
>> K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
>> K> following OpenBSD's pf the past? - should it be?
>>
>> Following OpenBSD on features
krad wrote:
> that is true and I have not problem using man pages, however thats not the
> way most of the world work and search engines arent exactly new either. We
> should be trying to engage more people not less, and part of that is
> reaching out.
One of FreeBSD's historic strengths has been
On 7/18/2014 4:06 AM, Gleb Smirnoff wrote:
K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
K> following OpenBSD's pf the past? - should it be?
Following OpenBSD on features would be cool, but no bulk imports
would be made again. Bulk imports produce bad quality of port,
and
On 2014-07-18 15:07, Adrian Chadd wrote:
> On 18 July 2014 07:34, krad wrote:
>> that is true and I have not problem using man pages, however thats not the
>> way most of the world work and search engines arent exactly new either. We
>> should be trying to engage more people not less, and part of
On 18 July 2014 07:34, krad wrote:
> that is true and I have not problem using man pages, however thats not the
> way most of the world work and search engines arent exactly new either. We
> should be trying to engage more people not less, and part of that is
> reaching out.
Then do the port and
reebsd. This is anoying, but more importantly confuses new sysadmins and
> puts them off adopting pf and possibly a bsd at all.
>
>
> On 18 July 2014 14:12, Gerrit Kühn wrote:
>
> > On Fri, 18 Jul 2014 15:06:45 +0400 Gleb Smirnoff
> > wrote about Re: Future of pf / fire
because its not supported under
>> freebsd. This is anoying, but more importantly confuses new sysadmins and
>> puts them off adopting pf and possibly a bsd at all.
>>
>>
>> On 18 July 2014 14:12, Gerrit Kühn wrote:
>>
>> > On Fri, 18 Jul 2014 15:06:45 +0
off
> wrote about Re: Future of pf / firewall in FreeBSD ? - does it have one ?:
>
> GS> The pf mailing list is about a dozen of active people. Yes, they are
> GS> vocal on the new syntax. But there also exist a large number of common
> GS> FreeBSD users who simply use pf w/o cari
Hi Kristian,
On 17 Jul 2014, at 01:12, Kristian K. Nielsen wrote:
> a) First of all - are any actively developing pf in FreeBSD?
not directly related to FreeBSD, but I was planning to bring
DragonFly's pf to a new feature state. We've had a little bit
of discussion over the recent DF SMP fixes
Gleb Smirnoff writes:
Hi,
> Following OpenBSD on features would be cool, but no bulk imports
> would be made again. Bulk imports produce bad quality of port,
> and also pf in OpenBSD has no multi thread support.
Seems this is the Next Big Thing ™ that will hit OpenBSD/pf according to
last confe
Mark,
On Fri, Jul 18, 2014 at 01:31:04PM +, Mark Felder wrote:
M> > On Thu, Jul 17, 2014 at 01:12:09AM +0200, Kristian K. Nielsen wrote:
M> > K> a) First of all - are any actively developing pf in FreeBSD?
M> >
M> > No one right now.
M> >
M>
M> How do we fix this? Can the FreeBSD Foundati
July 18 2014 6:07 AM, "Gleb Smirnoff" wrote:
> Kristian,
>
> On Thu, Jul 17, 2014 at 01:12:09AM +0200, Kristian K. Nielsen wrote:
> K> a) First of all - are any actively developing pf in FreeBSD?
>
> No one right now.
>
How do we fix this? Can the FreeBSD Foundation step in and provide fundi
On Fri, 18 Jul 2014 15:06:45 +0400 Gleb Smirnoff
wrote about Re: Future of pf / firewall in FreeBSD ? - does it have one ?:
GS> The pf mailing list is about a dozen of active people. Yes, they are
GS> vocal on the new syntax. But there also exist a large number of common
GS> FreeBSD
Gleb Smirnoff wrote, On 07/18/2014 13:06:
[...]
The pf mailing list is about a dozen of active people. Yes, they are vocal
on the new syntax. But there also exist a large number of common FreeBSD
users who simply use pf w/o caring about syntax and reading pf mailing
list. If we destroy the synt
I would like to see an updated version of pf. I realize its a big job to
port it though
On 17 July 2014 00:12, Kristian K. Nielsen wrote:
> Hi all,
>
> I have been encouraged by people on the pf-mailinglist to move this
> discussion to the current mailinglist since this may be an area in the OS
Kristian,
On Thu, Jul 17, 2014 at 01:12:09AM +0200, Kristian K. Nielsen wrote:
K> a) First of all - are any actively developing pf in FreeBSD?
No one right now.
K> b) We are a major release away from OpenBSD (5.6 coming soon) - is
K> following OpenBSD's pf the past? - should it be?
Following
Hi!
> * Should this or could this be a project for the foundation to either do
> a summer project or funded project to bring this part of the OS up to date?
My 2 cents: Yes, this should be tackled by a dedicated project, even
better if funded by the foundation.
--
p...@opsec.eu+49
95 matches
Mail list logo