On Mon, Apr 01, 2019 at 03:17:06PM +0200, Jarom??r Dole??ek wrote: > > In either case, let's return to a constructive discussion, and see > what needs to be done. NPF-only is the future, so let's get to that > future.
I strongly agree. > In the past discussion, I've only seen people mentioning only two > features missing in NPF and present in PF: > > 1. ftp-proxy support - Maxime volunteered to implement this in NPF, > I'm sure help there would be welcome We all owe maxv a debt of gratitude for this one! > 2. group support for config (mentioned by Manuel) - anyone feels like taking? > - ??it might be enough to have some kind of config preprocessor > initially if that's easier to do?? > > Is there anything else? There is, unfortunately, and it highlights an embarassing lack. Because we have not pulled in a new PF in so long, and didn't want to tie ALTQ to PF anyhow, unless I've missed something big we have *no* firewall/ALTQ integration (and are stuck at an ancient ALTQ version besides, because trunk ALTQ had its built-in classifiers replaced with calls to PF). If we are going to converge on a single filter implementation, ideally that ought to be fixed. I believe this is https://wiki.netbsd.org/projects/project/altq/ . Thor
