Date: Fri, 20 Apr 2012 23:09:40 -0400
From: John Ferrell
To: freebsd-doc@freebsd.org
Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
Message-ID: <20120421030940.GA2490@neodymium>
In-Reply-To: <20120419120032.1068C1065726@hub.freebsd.org>

> Message-ID: <201204181750.q3IHo6s3087082@freefall.freebsd.org>
>
> The following reply was made to PR docs/167056; it has been noted by GNATS.
>
> From: Remko Lodder
> To: Joe Barbish
> Cc: freebsd-gnats-submit@FreeBSD.org
> Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
> Date: Wed, 18 Apr 2012 19:44:44 +0200
>
> On Apr 18, 2012, at 2:37 PM, Joe Barbish wrote:
>
> >> Number: 167056
> >> Category: docs
> >> Synopsis: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
> >> Confidential: no
> >> Severity: critical
> >> Priority: high
> >> Responsible: freebsd-doc
> >> State: open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class: doc-bug
> >> Submitter-Id: current-users
> >> Arrival-Date: Wed Apr 18 12:40:02 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator: Joe Barbish
> >> Release: 9.0
> >> Organization:
> > none
> >> Environment:
> >> Description:
> > ERROR Handbook 9.0, firewall section, PF firewall from OpenBSD 4.5
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
>
> Is that an error?
> ;-)
>
> > I am the original author [Joe Barbish] of the whole security
> > firewall section.
> >
> > Previous versions of the FreeBSD handbook had a detailed section on
> > PF including rule examples matching the version of PF included with
> > FreeBSD 9.0. But it was revised and updated by John Ferrell. What he
> > did was to remove a very large section containing example rules.
> > It's obvious this person was unsupervised and has no knowledge of PF
> > or what the real problem was.
>
> I think you should refrain from making these kinds of assumptions. I
> remember more of these things from you in the past, you just shouldn't
> do this, people will not take you seriously. Or better said: I won't
> take you seriously if you talk like this. The changes were reviewed and
> committed by a FreeBSD Committer, which means he had spent his time
> looking into this and obviously not removing vital things that need to
> stay.
>
> The commit you seem to refer to is this one:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.diff?r1=1.82;r2=1.83
>
> There is no removal of large sections containing example rules in that
> commit. So I think you must have been mistaken about the actual
> removal. Please demonstrate what commit you mean.

I am the John Ferrell that Joe is referring to. As Remko noted, the
patch I submitted did not remove any rules--there were no example rules
in the document at the time. The patch was committed in May 2008. I
suspect that when the rules were removed from the handbook it was
because the sample rules included with FreeBSD (/usr/share/examples/pf)
and the man pages cover many different scenarios.

> All that was needed was an additional statement in the FreeBSD
> handbook security/PF section saying "FreeBSD 9.0 is running an outdated
> version of PF [4.5], at PF version [4.7] the syntax of the NAT and
> ftp-proxy rule changed.
> The reader should keep in mind the below links reference the OpenBSD
> 5.0 version of PF, but the sample PF rules shown below do match the
> version of PF [4.5] included with FreeBSD 9.0. Then add a comment to
> the NAT rule in the sample rules saying this is the syntax for NAT
> usage in versions earlier than version 4.7 and then have the new NAT
> rule with comment for version 4.7 and newer. Then when FreeBSD finally
> updates to the current version of OpenBSD PF ie:5.0 or 5.1 the links in
> the FreeBSD handbook would automatically become meaningful.

I agree, it should be made more clear that OpenBSD's PF syntax differs
from that of FreeBSD's. If no one is working on this I'll be glad to
submit a patch.

John