From: "Kristof Provost"
To: "Cy Schubert"
Cc: "Ed Schouten", src-committers, svn-src-projects@freebsd.org
Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf sbin/pfctl
Message-ID: <9E67836D-5E66-4E82-AB3F-F854AE008759@FreeBSD.org>
In-Reply-To: <201904010728.x317SWXD076162@slippy.cwsent.com>
Date: Tue, 03 Sep 2019 14:06:05 -0000
X-Original-Date: Mon, 01 Apr 2019 09:31:06 +0200

On 1 Apr 2019, at 9:28, Cy Schubert wrote:

> In message , Kristof Provost writes:
>>
>>> On 1 Apr 2019, at 08:39, Ed Schouten wrote:
>>>
>>> On Mon 1 Apr 2019 at 07:53, Kristof Provost wrote:
>>>> Users are advised to migrate to ipf.
>>>
>>> Has anyone considered importing netfilter/iptables?
>>>
>> Nftables, surely?
>> We wouldn’t want to import their outdated firewall.
>
> Does it support RFC 1149 and RFC 2549? None of our firewalls do. Then
> again, neither does our stack. How difficult would it be to support
> this?
>

I’ve done some investigating, and the current research indicates that
while it is possible to filter RFC 1149 and RFC 2549 it’s very hard to
train the falcons, and it does make a bit of a mess when you drop
packets.

Regards,
Kristof