Hallo Ernie,

Ernie Zingleman schrieb am 29. March 2005:

>Great suggestion on OpenBSD Packet Filter in m0n0wall...

The pfsense project already does that on the basis of (why?) FreeBSD.

. pf is an OpenBSD development
making it's way into the other BSD-branches. The current ipfw and
ipfilter look as if they are going to be replaced by pf in the future,
so eventually this will be like the FBSD 4.10 issue: it's simply
deprecated and no longer developed, so people will have to switch over
eventually.

To my understanding a lot of work has gone into the change from FBSD
4.10 to 5.3 and of course nobody wants this to have been invain. On
the other hand I see one more huge leap on the horizon: pf. If (I
cannot know for sure) everything points into that direction, it would
make kind of sense to at least consider using the original, where it
all came from.

There is another thing, that may not have caught too much attention:
it's CARP (Common Address Redundancy Protocol), which would be a GREAT
feature for embedded PCs (the primary platform of m0n0wall). Not only
it provides failsafe, but also load-balancing, something like a
"cluster" of multiple cheap machines all working together.

>not sure if the developers are considering this or what difficulties
>would be involved.

That's why I am asking. I cannot know the reasons for the current
platform, there might very well be killer-arguments against a change
to another BSD.

>Stupid question here....Does it necessarily mean dumping FreeBSD 5.x
>as the OS?

There are other BSD branches out there, they are related but more or
less different. About anything running on FBSD can be compiled on OBSD
and vice versa. Except a leap to OBSD would really be huge, as ipfw
and ipfilter will not work there (only pf). Since pf already found
it's way into FBSD now, this change to pf will (IMHO) only be a matter
of time.

>While I'm not doing the development work, it does sound like a great
>next step!

It might simply be too huge of an undertaking.

Regards   Frederick