From: "Bryan Alves" <bryanalves@gmail.com>
To: freebsd-pf@freebsd.org
Date: Sat, 3 Jan 2009 22:28:51 -0500
Subject: Using PF ALTQ to schedule NAT jail traffic

I'm using a FreeBSD box to do the routing, NAT, and firewall duties for my home network. There are also a couple of jails located on the machine, providing various services. One of these jails is running a torrent client 24/7. I isolated the torrent client to a jail in an attempt to more effectively schedule packets going to and from it. However, I'm having problems properly tagging packets that are originating from the jail destined for the internet.

First, my ifconfig:

-------------------------
em0: flags=8843 metric 0 mtu 9000
        options=19b
        ether 00:1b:21:29:b0:b0
        inet 192.168.10.1 netmask 0xffffff00 broadcast 192.168.10.255
        inet 192.168.10.200 netmask 0xffffffff broadcast 192.168.10.200
        inet 192.168.10.201 netmask 0xffffffff broadcast 192.168.10.201
        inet 192.168.10.202 netmask 0xffffffff broadcast 192.168.10.202
        inet 192.168.10.203 netmask 0xffffffff broadcast 192.168.10.203
        inet 192.168.10.204 netmask 0xffffffff broadcast 192.168.10.204
        media: Ethernet 1000baseTX
        status: active
em1: flags=8843 metric 0 mtu 1500
        options=19b
        ether 00:1b:21:29:b0:ab
        inet 173.48.75.167 netmask 0xffffff00 broadcast 173.48.75.255
        media: Ethernet autoselect (100baseTX )
        status: active
lo0: flags=8049 metric 0 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141 metric 0 mtu 33160
------------------------------

And now my current PF rules:

---------------------------------------------
ext_if = "em1"
int_if = "em0"
localnet = $int_if:network
torrent_ports = "57100:57199"
web_ports = "81"
gateway = "192.168.10.1"
httpd_jail = "192.168.10.200"
samba_jail = "192.168.10.201"
slimserver_jail = "192.168.10.202"
torrent_jail = "192.168.10.203"
desktop = "192.168.10.111"

set loginterface $ext_if
scrub on $ext_if

altq on $ext_if bandwidth 4550Kb hfsc queue { q_high, q_med, q_low }
queue q_high bandwidth 25% priority 6 qlimit 250 hfsc
queue q_med bandwidth 45% priority 4 qlimit 250 hfsc (default)
queue q_low bandwidth 30% priority 3 qlimit 500 hfsc

nat on $ext_if from $localnet to any -> ($ext_if)

#Port Forwards
rdr on $ext_if proto tcp from any to any port ssh -> $gateway
rdr on $ext_if proto tcp from any to any port $web_ports -> $httpd_jail
rdr on $ext_if proto tcp from any to any port $torrent_ports -> $torrent_jail

#Nat Reflection
rdr on $int_if proto tcp from $localnet to $ext_if port ssh -> $gateway
rdr on $int_if proto tcp from $localnet to $ext_if port $web_ports -> $httpd_jail
no nat on $int_if proto tcp from $int_if to $localnet
nat on $int_if proto tcp from $localnet to $gateway port ssh -> $int_if
nat on $int_if proto tcp from $localnet to $httpd_jail port $web_ports -> $int_if

antispoof for $ext_if
#block in quick on $ext_if from to any

block log all
pass on lo0

#Allow all LAN traffic
pass in on $int_if from $localnet to any keep state
pass out on $int_if from any to $localnet keep state

#Tag special traffic so it gets queued right
pass in on $int_if from $desktop to any tag DESKTOP
pass in on $int_if from $torrent_jail to any tag TORRENT
pass in on $int_if from $httpd_jail to any tag HTTPD

#In on ext_if
pass in on $ext_if proto tcp from any to $httpd_jail port $web_ports keep state queue (q_high)
pass in on $ext_if proto { tcp, udp } from any to $torrent_jail port $torrent_ports keep state queue (q_low)
pass in on $ext_if proto tcp from any to any port ssh modulate state queue (q_high)
pass in on $ext_if proto gre from any to any keep state queue (q_high)
pass in on $ext_if proto tcp from any to any port pptp keep state queue (q_high)

#Out on ext_if
pass out on $ext_if proto tcp all modulate state queue (q_med)
pass out on $ext_if proto { udp, icmp } all keep state queue (q_med)
pass out on $ext_if proto gre all keep state queue (q_high)

#Queue tagged traffic
pass out on $ext_if proto { tcp, udp } from any to any tagged TORRENT queue (q_low)
pass out on $ext_if from any to any tagged DESKTOP queue (q_high)
pass out on $ext_if from any to any tagged HTTPD queue (q_high)
------------------------------------------------

The behavior of tagging NAT traffic so that it gets queued on the outside interface works correctly in the case of the DESKTOP tag, which is a different physical machine. No packets pass through the firewall and get tagged with either TORRENT or HTTPD, however. Torrent traffic from 192.168.10.203 which originates from the jail passes through on the "pass out on $ext_if proto tcp all modulate state queue (q_med)" rule instead, since it wasn't tagged on its way through the NAT. The 2nd "in on ext_if" rule properly catches packets and puts them into the right queue, and statefully the responses from these pass through it as well. It's the packets that non-statefully originate from the jail that I can't catch.

I suspect this has something to do with jail using lo0 to manage the traffic, but I'm not sure how to fix it. I tried to tcpdump the lo0, em1, and em0 interfaces to find this traffic, but I can't find the traffic at all.

How can I modify my rules and/or aliases so that I can properly tag all traffic that originates from a specific jail?
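An added example, not from the thread or its author: jail processes share the host's network stack, so packets they send are locally generated and never pass "in on $int_if"; the first and only point where pf evaluates them is "out on $ext_if", after translation. One way to still tag them is to tag on the nat rule itself. This reuses the macros from the ruleset above and assumes that this pf release accepts the "tag" keyword on nat rules as documented in pf.conf(5).

```pf
# Added example (not from the original post).  Macros as in the ruleset
# above; assumes "tag" is accepted on nat rules (pf.conf(5), TRANSLATION).
ext_if       = "em1"
int_if       = "em0"
localnet     = $int_if:network
httpd_jail   = "192.168.10.200"
torrent_jail = "192.168.10.203"

# Translation rules: the first matching nat rule wins, so the per-jail
# rules must precede the catch-all for the whole LAN.  The tag set here
# is carried into filter evaluation for the same packet.
nat on $ext_if from $torrent_jail to any tag TORRENT -> ($ext_if)
nat on $ext_if from $httpd_jail   to any tag HTTPD   -> ($ext_if)
nat on $ext_if from $localnet     to any             -> ($ext_if)

# Filter rules: the last matching rule wins (no "quick"), so the tagged
# rules stay after the generic "pass out" rules.  The state created on
# the first packet keeps its queue assignment for the whole connection.
pass out on $ext_if proto tcp all modulate state queue (q_med)
pass out on $ext_if proto { udp, icmp } all keep state queue (q_med)
pass out on $ext_if proto { tcp, udp } from any to any tagged TORRENT queue (q_low)
pass out on $ext_if from any to any tagged HTTPD queue (q_high)
```

Whether the jail's uploads now land in q_low can be checked with the queue counters from `pfctl -vsq` rather than with tcpdump, since locally originated traffic is only visible to pf on the egress interface.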
From: FreeBSD bugmaster <owner-bugmaster@FreeBSD.org>
To: freebsd-pf@FreeBSD.org
Date: Mon, 5 Jan 2009 11:06:56 GMT
Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o kern/129861  pf         [pf] [patch] Argument names reversed in pf_table.c:_co
o kern/129060  pf         [pf] [tun] pf doesn't forget the old tun IP
o kern/127920  pf         [pf] ipv6 and synproxy don't play well together
o conf/127814  pf         [pf] The flush in pf_reload in /etc/rc.d/pf does not w
o conf/127511  pf         [patch] /usr/sbin/authpf: add authpf folders to BSD.ro
o kern/127439  pf         [pf] deadlock in pf
o kern/127345  pf         [pf] Problem with PF on FreeBSD7.0 [regression]
o kern/127121  pf         [pf] [patch] pf incorrect log priority
o kern/127042  pf         [pf] [patch] pf recursion panic if interface group is
o kern/125467  pf         [pf] pf keep state bug while handling sessions between
s kern/124933  pf         [pf] [ip6] pf does not support (drops) IPv6 fragmented
o kern/124364  pf         [pf] [panic] Kernel panic with pf + bridge
o kern/122773  pf         [pf] pf doesn't log uid or pid when configured to
o kern/122014  pf         [pf] [panic] FreeBSD 6.2 panic in pf
o kern/121704  pf         [pf] PF mangles loopback packets
o kern/120281  pf         [pf] [request] lost returning packets to PF for a rdr
o kern/120057  pf         [pf] [patch] Allow proper settings of ALTQ_HFSC. The c
o bin/118355   pf         [pf] [patch] pfctl(8) help message options order false
o kern/114567  pf         [pf] LOR pf_ioctl.c + if.c
o kern/114095  pf         [carp] carp+pf delay with high state limit
o kern/111220  pf         [pf] repeatable hangs while manipulating pf tables
s conf/110838  pf         [pf] tagged parameter on nat not working on FreeBSD 5.
o kern/93825   pf         [pf] pf reply-to doesn't work
o sparc/93530  pf         [pf] Incorrect checksums when using pf's route-to on s
o kern/92949   pf         [pf] PF + ALTQ problems with latency
o kern/82271   pf         [pf] cbq scheduler cause bad latency

26 problems total.
From: "Helmut Schneider"
To: freebsd-pf@freebsd.org
Date: Fri, 9 Jan 2009 22:02:16 +0100
Subject: Version >= 4.3

Hi,

since 4.3 and above finally support include-statements does anyone know a
roadmap when FreeBSD will switch from 4.1 to >= 4.3?

Thanks, Helmut

--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn


From: Max Laier <max@love2party.net>
Organization: FreeBSD
To: freebsd-pf@freebsd.org
Date: Fri, 9 Jan 2009 22:18:14 +0100
Message-Id: <200901092218.15401.max@love2party.net>
Subject: Re: Version >= 4.3

On Friday 09 January 2009 22:02:16 Helmut Schneider wrote:
> since 4.3 and above finally support include-statements does anyone know a
> roadmap when FreeBSD will switch from 4.1 to >= 4.3?

Short answer: As in any volunteer project, when somebody does the work.

Longer answer: I did import the vendor code into subversion with the general
plan to import a newer version into Current, but my free time is rather
limited these days and I probably won't get to it for quite some time.

I might be able to work on it in late February, early March ... though I'm
not sure I can afford to do it without funding. I'll have to look into that
after my current projects are mature enough to figure out when exactly I'll
have an opening.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News


From: "Helmut Schneider"
To: freebsd-pf@freebsd.org
Date: Fri, 9 Jan 2009 23:09:14 +0100
References: <200901092218.15401.max@love2party.net>
Subject: Re: Version >= 4.3

Max Laier wrote:
> On Friday 09 January 2009 22:02:16 Helmut Schneider wrote:
>> since 4.3 and above finally support include-statements does anyone know a
>> roadmap when FreeBSD will switch from 4.1 to >= 4.3?
>
> Short answer: As in any volunteer project, when somebody does the work.
>
> Longer answer: I did import the vendor code into subversion with the
> general plan to import a newer version into Current, but my free time
> is rather limited these days and I probably won't get to it for quite
> some time.
>
> I might be able to work on it in late February, early March ... though
> I'm not sure I can afford to do it without funding. I'll have to look
> into that after my current projects are mature enough to figure out
> when exactly I'll have an opening.

I know one can't buy much from words but thanks for your efforts.

--
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn