From owner-svn-src-projects@freebsd.org Mon Apr 1 07:28:40 2019 Return-Path: Delivered-To: svn-src-projects@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B3E15158EC91 for ; Mon, 1 Apr 2019 07:28:40 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 551EE89284; Mon, 1 Apr 2019 07:28:39 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id ArMwh9ox3ldkPArMxhFZho; Mon, 01 Apr 2019 01:28:36 -0600 X-Authority-Analysis: v=2.3 cv=Ko4zJleN c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=8nJEP1OIZ-IA:10 a=oexKYjalfGEA:10 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=9kjIXSS1uQBkUWT0IQoA:9 a=wPNLvfGTeEIA:10 a=-FsMTTDYTgkA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id AE4A728E; Mon, 1 Apr 2019 00:28:33 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x317SWvK076166; Mon, 1 Apr 2019 00:28:33 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x317SWXD076162; Mon, 1 Apr 2019 00:28:32 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201904010728.x317SWXD076162@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Kristof Provost cc: Ed Schouten , src-committers , svn-src-projects@freebsd.org Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl In-Reply-To: Message from Kristof Provost of "Mon, 01 Apr 2019 08:47:16 +0200." Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Date: Mon, 01 Apr 2019 00:28:32 -0700 X-CMAE-Envelope: MS4wfGSqeA/PmpmBvnSL5CGPtTWw1TIb5dXcMnH94VDPRJyoWiv0MePw8zT50b9XVsmUbDcCxbqgrXlXpO5sq/Bn/PhdBVuwE0SXY47ACFJD7hHts6S83fvX GQ0JCiKmstmef6RYbO6h7N6hhLFY+3FENA8izVfvW5vBVaiYNgqxfDnWZcIYXPtuOAjd28MdIfDrGW3DbrlJ+o2kN8YF/zxgP1XSiJm6hYoQfWF9ABCWNt1D sgK13vFy862eV4NrynV+6NE5DHtdWDLPnS47cBynSfo= X-Rspamd-Queue-Id: 551EE89284 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-4.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; MV_CASE(0.50)[]; IP_SCORE(-2.38)[ip: (-6.43), ipnet: 64.59.128.0/20(-3.04), asn: 6327(-2.35), country: CA(-0.09)]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; REPLYTO_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: spqr.komquats.com]; NEURAL_HAM_SHORT(-0.52)[-0.517,0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_NA(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.zen.spamhaus.org : 127.0.0.11]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[12.134.59.64.list.dnswl.org : 127.0.5.1] X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Apr 2019 07:28:41 -0000 In message , Kristof Provost writes: > > > > On 1 Apr 2019, at 08:39, Ed Schouten wrote: > > > > Op ma 1 apr. 2019 om 07:53 schreef Kristof Provost : > >> Users are advised to migrate to ipf. > > > > Has anyone considered importing netfilter/iptables? > > > Nftables, surely? > We wouldn’t want to import their outdated firewall. Does it support RFC 1149 and RFC 2549? None of our firewalls do. Then again, neither does our stack. How difficult would it be to support this? -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.