Re: Removing PF

[Brian Buhrow <buhrow%nfbcal.org@localhost>]

	Hello.  I will examine the documentation for npf again, but here are
the issues I think we should resolve with npf before we rip out pf or ipf.


1.  The documentation for npf is still pretty incomplete.  The example
files are there, but the comments, the last time I looked, were not as
complete as I think they should be.    The man pages should also explain
the syntax of the configuration files in more detail, again with examples.
The features available in npf should be more fully enumerated.  It does me
no good to have a feature in npf if I don't know if it exists or how to use
it.  The recent example of mss clamping in the mailing list being an
example.  Maxine says that feature exists, but Patrick says he doesn't know
how to use it and he didn't even know it was there.

2.  For me to use npf at all, I absolutely need to have the
route-through/reply-to feature.  Pf has that feature.  I have 2
choices at this point if I want to continue using NetBSD as a routing
system: Keep pf working and performant in modern versions of NetBSD on my
own or teach npf how to do route-through/reply-to. Or, I could switch OS's.
How many other users/developers are in this position?    I don't think we
know.

3.  The announcement should be included in the NetBSD-8 documentation to
say that pf and ipf are deprecated in NetBSD-8 and will be removed in
NetBSD-9.  In my view, it is insufficient to only include an announcement
like this in the -current documentation.  It should be added to the
last_minute and major changes file for NetBSD-8.


-Brian


On Mar 29,  8:19pm, Matt Sporleder wrote:
} Subject: Re: Removing PF
} 
} 
} What features, exactly, are missing?
>-- End of excerpt from Matt Sporleder