They've recently forked their open and closed source products, so a lot of people have been migrating to OPNSense. I've been using it for a couple months now and recommend it.

Same. I didn't really care for open-source-ness or for the anti-OPNsense smear campaigns as much, but when they announced they were EOLing the product I used I jumped ship to OPNsense too.

It does everything my pfSense install did and then some. Eg DNS blocking and IP blocking are built-in instead of needing a pfblockerng-style plugin.

The only thing I've found worth complaining about is the accordion sidebar UI thing makes it hard to middle-click-open new browser tabs, because it's not obvious which entries in the sidebar are actual pages and which are fake hyperlinks that just expand the accordion submenu.

Netgate funds a lot of FreeBSD work, and employs FreeBSD committers. I certainly wouldn't describe them as hostile to open source.

It seems clear to me this is a case of passionate coders with different personalities struggling with the difficult work of human communication in a world with limited resources and time.

No one has to be the bad guy here or end up hostile to open source.

They can be a touch snotty towards developers who aren't freebsd committees.

I think every project has people like that. I can think of some open source projects which are led by people with attitude problems.

Real subtle, Colin.

I mean, Linus has openly acknowledged that he has behaved unprofessionally in the emails he sends to people who are trying to contribute. There isn't anything secret here.

LOL, my first thought was that you were talking about Theo.

I think he was. :)

Btw. great gathering of people with a *BSD background or friends :-)

I think, we all should be way more cool headed. Email doesn't contain the tone and it is very easy to formulate something in a bad way when exhausted or upset. Some people use very strong words that considering their usual style aren't nearly as strong in reality.

In this case, the great question is, how did such a bad code (according to Jason) land in the code base at all? Don't other people look at it? Do the FreeBSD developers ignore concerns of other fellow developers until it blows up to beyond community communication circles?

It makes sense to me. As I understand the FreeBSD mailing list posts, it was commissioned commercially, to add a feature to NetGate products.

Must have: in-kernel WireGuard for NetGate products.

Nice-to-have: a general-purpose FreeBSD kernel WireGuard.

The scope crept, and a piece of code that might have been fit for some purpose (whatever limitations NetGate has for its network stack, like "no jumbo frames", etc) was recast as fit for all purposes.

I guess Colin would have some insight about the process by which a ports-grade kernel module gets put on track for release in the kernel itself.

My take on this is that absolutely no part of the development process that led up to this is Jason's problem. It is not Jason's job to understand or assist or comply with NetGate's product development process; his concern seems to have been, justifiably, exclusively the proposed FreeBSD OS feature. I get the sense that a lot of the friction here comes from pfSense-types thinking that any part of pfSense is everyone's problem.

Thank you for the reply. Yes, I understand Jason is basically only involved as "I have looked at this thing you propose/ have in FreeBSD and I don't like what I see, let me improve/ discuss further plans".

My question basically is: "How is it possible, the code of such quality was even seriously included in a branch of FreeBSD that would have been released if nobody would step in?" (That is if I understand the whole thing correctly and Jason's assessment is correct.)

I also think, if you dedicate something like 5 years of your life solely to kernel C implementations of a single protocol, it's probably a lot easier for you to spot problems than it is for an arbitrary FreeBSD developer.

Short answer: With a very small number of exceptions, we trust FreeBSD developers to exercise good judgement in obtaining review and ensuring the quality of the code they commit. The FreeBSD project is selective in whom it gives commit bits to, and we have a mentoring process which further ensures that developers understand the norms.

This system isn't foolproof, but it generally works very well. There have been discussions about moving to a "mandatory review" model, but there is concern that this might overly slow down development in the context of a volunteer-run project.

Perhaps entitled is the right word then.

Maybe. It's not necessarily without reason -- if you make a lot of contributions and they are generally very well received, it's quite sensible to anticipate that further contributions will be equally well received and to be surprised if they're not.

This was made worse by the unfortunate timing -- the final release candidate is just 3 days away. Any other time, we would have gone slower, had more discussion, et cetera; unfortunately this turned into an emergency.

I didn't know that. That's kind of awesome.

I was about to buy a netgate router when I read the background of everything here on HN.

Basically, all the opensource claims don't amount to a hill of beans, because you cannot compile pfsense yourself, even for their hardware.

(I'm sure someone could come up with the link)

The firewall should be the ONE place where this would be critical. You have to run their binary.

I also think it phones home.