From: Olivier Smedts
To: Gary Palmer
Cc: Paul Webster, freebsd-current@freebsd.org
Date: Tue, 20 Nov 2012 13:24:49 +0100
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax. (Copied from freebsd-pf)
In-Reply-To: <20121120121333.GB88593@in-addr.com>
References: <20121120121333.GB88593@in-addr.com>

2012/11/20 Gary Palmer:
> On Tue, Nov 20, 2012 at 11:43:04AM +0100, Olivier Smedts wrote:
>> 2012/11/20 Paul Webster:
>> > I am aware this is a much discussed subject since the upgrade of PF, I
>> > believe the final decision was that too many users are used to the old
>> > style pf and an upgrade to the new syntax would cause too much confusion.
>>
>> But a change like this is expected in a new major branch, i.e.
>> 10-CURRENT. Not so in -STABLE branches of course. I don't see the
>> problem here.
>
> So you don't expect people to upgrade boxes in place?

I expect that before upgrading to a *major* version you should read an
updating or "what's changed" documentation.

> I also guess you've never been 5,000 miles away from a box and typo'd something
> in the firewall and locked yourself out. Then think how tons of FreeBSD
> users would feel if the default pf syntax was changed to be incompatible and
> they find themselves in a similar situation after an upgrade. Defaulting to
> open, while it could solve the problem (although I would suspect there could
> be edge cases where it doesn't), could be bad for other reasons.

This already happened to me but, no, not during a major upgrade
because I won't do this kind of work without at least someone on-site.

> The other question that I haven't seen answered (or maybe even asked), but
> is relevant: what do we gain by going to a later version of pf? I.e. as an
> administrator, what benefit do I get by having to expend effort converting
> my filter rules?
>
> Gary

At some time we'll surely *have* to upgrade our pf, because the legacy
version won't be supported upstream. I say that a major release is the
most appropriate place for such a change.

Another question: how did OpenBSD manage this change?

Cheers

-- 
Olivier Smedts                                                 _
                                        ASCII ribbon campaign ( )
e-mail: olivier@gid0.org        - against HTML email & vCards  X
www: http://www.gid0.org    - against proprietary attachments / \

  "There are only 10 kinds of people in the world:
  those who understand binary,
  and those who don't."