From owner-freebsd-net@FreeBSD.ORG Sat Apr 13 17:43:19 2013 Return-Path: Delivered-To: net@FreeBSD.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id A78F4A8C; Sat, 13 Apr 2013 17:43:19 +0000 (UTC) (envelope-from rpaulo@FreeBSD.org) Received: from felyko.com (felyko.com [174.136.100.2]) by mx1.freebsd.org (Postfix) with ESMTP id 9166DDC3; Sat, 13 Apr 2013 17:43:19 +0000 (UTC) Received: from [IPv6:2601:9:4d00:3c:551a:f107:2184:3cc5] (unknown [IPv6:2601:9:4d00:3c:551a:f107:2184:3cc5]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by felyko.com (Postfix) with ESMTPSA id A8BF33981E; Sat, 13 Apr 2013 10:43:12 -0700 (PDT) Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 6.3 \(1503\)) Subject: Re: ipfilter(4) needs maintainer From: Rui Paulo In-Reply-To: <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> Date: Sat, 13 Apr 2013 10:43:11 -0700 Content-Transfer-Encoding: quoted-printable Message-Id: <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> To: Scott Long X-Mailer: Apple Mail (2.1503) Cc: "current@freebsd.org" , "net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Apr 2013 17:43:19 -0000 On 2013/04/13, at 5:03, Scott Long wrote: > You target audience for this isn't people who track CURRENT, it's = people who are on 7, 8, or 9 and looking to update to 10.x sometime in = the future. Yes, I'm aware of that, but the problem remains. If ipfilter is broken = or gets broken because of the networking stack changes, we'll have to = fix it to keep the deprecation path going... >>> So with that said, would it be possible to write some tutorials on = how to migrate an ipfilter installation to pf? Maybe some mechanical = syntax docs accompanied by a few case studies? Is it possible for a = script to automate some of the common mechanical changes? Also = essential is a clear document on what goes away with ipfilter and what = is gained with pf. Once those tools are written, I suggest announcing = that ipfilter is available but deprecated/unsupported in FreeBSD 10, and = will be removed from FreeBSD 11. Certain people will still pitch a fit = about it departing, but if the tools are there to help the common users, = you'll be successful in winning mindshare and general support. >>=20 >>=20 >> It's not very difficult to switch an ipf.conf/ipnat.conf to a = pf.conf, but I'm not sure automated tools exist. I'm also not convinced = we need to write them and I think the issue can be deal with by writing = a bunch of examples on how to do it manually. Then we can give people 1y = to switch. >>=20 >=20 > Please believe me that no matter how trivial you think the switch is, = a migration guide still needs to be written. A migration *guide*, yes. Tools to convert one syntax to another: no. Regards, -- Rui Paulo