Re: Removing PF

[Patrick Welche <prlw1%cam.ac.uk@localhost>]

On Mon, Apr 01, 2019 at 03:33:36PM +0100, Stephen Borrill wrote:
> On Mon, 1 Apr 2019, Jaromír Dole?~Mek wrote:
> > Le lun. 1 avr. 2019 à 14:32, Stephen Borrill <netbsd%precedence.co.uk@localhost> a écrit :
> > > Your two statements are mutually inconsistent:
> > > 1) No-one is maintaining ipf or pf
> > > and
> > > 2) If the effort had been on one firewall instead of three, the one chosen
> > > would be more functional.
> > 
> > IMO it's consistent - if we had one, it would be clear to which one to
> > contribute, and clear if the feature is really missing and working.
> > i.e. nobody contributes anything because they don't know to which of
> > the firewalls to contribute.
> > 
> > In either case, let's return to a constructive discussion, and see
> > what needs to be done. NPF-only is the future, so let's get to that
> > future.
> > 
> > In the past discussion, I've only seen people mentioning only two
> > features missing in NPF and present in PF:
> > 
> > 1. ftp-proxy support - Maxime volunteered to implement this in NPF,
> > I'm sure help there would be welcome
> > 2. group support for config (mentioned by Manuel) - anyone feels like taking?
> >      - ??it might be enough to have some kind of config preprocessor
> > initially if that's easier to do??
> > 
> > Is there anything else?
> 
> The canonical, but not necessarily complete, lists are:
> 
> http://cvsweb.netbsd.org/bsdweb.cgi/src/doc/TODO.npf
> 
> https://www.netbsd.org/~rmind/npf/__tasklist.html

http://gnats.netbsd.org/53199

Installed another 2 new servers with ipf after having tried and failed to
convert a trivial ruleset to npf.