Re: Removing PF

[Thor Lancelot Simon <tls%panix.com@localhost>]

On Mon, Apr 01, 2019 at 03:17:06PM +0200, Jarom??r Dole??ek wrote:
> 
> In either case, let's return to a constructive discussion, and see
> what needs to be done. NPF-only is the future, so let's get to that
> future.

I strongly agree.

> In the past discussion, I've only seen people mentioning only two
> features missing in NPF and present in PF:
> 
> 1. ftp-proxy support - Maxime volunteered to implement this in NPF,
> I'm sure help there would be welcome

We all owe maxv a debt of gratitude for this one!

> 2. group support for config (mentioned by Manuel) - anyone feels like taking?
>       - ??it might be enough to have some kind of config preprocessor
> initially if that's easier to do??
> 
> Is there anything else?

There is, unfortunately, and it highlights an embarassing lack.  Because we
have not pulled in a new PF in so long, and didn't want to tie ALTQ to PF
anyhow, unless I've missed something big we have *no* firewall/ALTQ
integration (and are stuck at an ancient ALTQ version besides, because trunk
ALTQ had its built-in classifiers replaced with calls to PF).  If we are
going to converge on a single filter implementation, ideally that ought
to be fixed.

I believe this is https://wiki.netbsd.org/projects/project/altq/ .

Thor