From: Greg Hennessy
To: Ermal Luçi, Walt Elam
Cc: "freebsd-pf@freebsd.org"
Date: Sat, 21 Jan 2012 23:26:58 +0000
Subject: RE: Getting Involved

> There is one catch.
> FreeBSD does not want to break compatibility of old syntax and that is why
> I did not port the latest version of pf(4).

Shades of the versioning/maintenance issues surrounding putting Perl in the base way back in the day.

> What is there now makes it 'trivial' to go to the latest pf(4) version in

Does that include the performance improvements which came with new version?
Would be interesting to know what impact if any they would have on the FreeBSD PF port.

> Open but there needs to be a layer of translation
> for the old syntax to new syntax.

As a one off translation when someone upgrades Major version numbers to the FreeBSD version hosting the new PF code?
Or run every time when someone loads the security policy for now and the foreseeable future?

> That is the only reason it's not been done.

I can see the issues, hope it's not intractable.
The new syntax is a significant improvement, shame about lack of thought given to backward compatibility.

With your expert knowledge on this Ermal, is it possible to run both old and new PF parsers in there to generate a policy which would run against the newer packet filtering engine code?

Defaulting to the old syntax, with say something like a 'later_pf_enable="yes"' in rc.conf or a single 'use' line at the top of pf.conf to switch to the new syntax?

Regards

Greg