DragonFly kernel List (threaded) for 2005-02
037632.9040502@xxxxxxx> <4203b709$0$718$415eb37d@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <420499A1.5070801@xxxxxxx>
Content-Type: text/plain; charset=us-ascii
X-Trace: 1108233786 crater_reader.dragonflybsd.org 715 220.127.116.11
Xref: crater_reader.dragonflybsd.org dragonfly.kernel:7693
Yury Tarasievich wrote:
> Jeffrey Hsu wrote:
>> Luigi removed ipfw1 in FreeBSD a long time ago. Now there's just ipfw2,
>> which is
>> backwards compatible w/ ipfw1, faster, and has additional functionality
>> over ipfw1.
> Right, right... And gets the job done, too. That's precisely why I'm
> against removing it (ipfw2 as part of "general ipfw removal", and in
> general any part which works) without good reason (not "because now we
> have pf").
There are good reasons to remove things "that work" as you are saying.
First, if you have 3 ways to do the same thing, this gives 3 times more work
to the developers to maintain the stuff in view of the evolutions elsewhere
(which often requires patching each of the 3 programs).
Second it introduces confusion for the users who have to choose between
the 3 programs, without knowing which is the best, while they would be
much happier that the developers choose for them.
Third it gives the impression of un unmaintained and crappy codebase, and
this is bad. Let us look at the 3 firewall packages in FreeBSD-5.3. Only
one of them has been fine grained locked, i.e. pf. At the same time pf
is coupled with altq which is notoriously the best traffic shaping utility
available in FreeBSD. Conclusion, ipfilter and ipfw2 are clearly
deprecated. Of course this is none of my business, but i suspect that
Dragonflybsd developers who are less numerous than Freebsd ones,
are even less inclined to maintain stuff which appears of secondary