Date: Fri, 20 Apr 2012 23:09:40 -0400
From: John Ferrell <jdferrell3@gmail.com>
To: freebsd-doc@freebsd.org
Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
Message-ID: <20120421030940.GA2490@neodymium>
In-Reply-To: <20120419120032.1068C1065726@hub.freebsd.org>
References: <20120419120032.1068C1065726@hub.freebsd.org>
> Message-ID: <201204181750.q3IHo6s3087082@freefall.freebsd.org>
>
> The following reply was made to PR docs/167056; it has been noted by GNATS.
>
> From: Remko Lodder <remko@elvandar.org>
> To: Joe Barbish <fbsd8@a1poweruser.com>
> Cc: freebsd-gnats-submit@FreeBSD.org
> Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
> Date: Wed, 18 Apr 2012 19:44:44 +0200
>
> On Apr 18, 2012, at 2:37 PM, Joe Barbish wrote:
>
> >
> >> Number: 167056
> >> Category: docs
> >> Synopsis: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5
> >> Confidential: no
> >> Severity: critical
> >> Priority: high
> >> Responsible: freebsd-doc
> >> State: open
> >> Quarter:
> >> Keywords:
> >> Date-Required:
> >> Class: doc-bug
> >> Submitter-Id: current-users
> >> Arrival-Date: Wed Apr 18 12:40:02 UTC 2012
> >> Closed-Date:
> >> Last-Modified:
> >> Originator: Joe Barbish
> >> Release: 9.0
> >> Organization:
> > none
> >> Environment:
> >> Description:
> > ERROR Handbook 9.0, firewall section, PF firewall from OpenBSD 4.5
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
>
> Is that an error? ;-)
>
> >
> > I am the original author [Joe Barbish] of the whole security firewall section.
> >
> > Previous versions of the FreeBSD handbook had a detailed section on PF
> > including rule examples matching the version of PF included with FreeBSD
> > 9.0. But it was revised and updated by John Ferrell. What he did was to
> > remove a very large section containing example rules. It's obvious
> > this person was un-supervised and has no knowledge of PF or what the
> > real problem was.
>
> I think you should refrain from making these kinds of assumptions. I
> remember more of these things from you in the past, you just shouldn't
> do this, people will not take you seriously. Or better said: I won't take
> you seriously if you talk like this. The changes were reviewed and committed
> by a FreeBSD Committer, which means he had spent his time looking into
> this and obviously not removing vital things that need to stay.
>
> The commit you seem to refer to is this one:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/doc/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml.diff?r1=1.82;r2=1.83
>
> There is no removal of large sections containing example rules in that
> commit. So I think you must have been mistaken about the
> actual removal. Please demonstrate what commit you mean.

I am the John Ferrell that Joe is referring to. As Remko noted, the patch I
submitted did not remove any rules--there were no example rules in the
document at the time. The patch was committed in May 2008.

I suspect that when the rules were removed from the handbook it was because
the sample rules included with FreeBSD (/usr/share/examples/pf) and the man
pages cover many different scenarios.

> All that was needed was an additional statement in the FreeBSD
> handbook security/PF section saying "FreeBSD 9.0 is running an outdated
> version of PF [4.5], at PF version [4.7] the syntax of the NAT and
> ftp-proxy rule changed. The reader should keep in mind the below links
> reference the OpenBSD 5.0 version of PF, but the sample PF rules shown
> below do match the version of PF [4.5] included with FreeBSD 9.0. Then
> add a comment to the NAT rule in the sample rules saying this is the
> syntax for NAT usage in versions earlier than version 4.7 and then have
> the new NAT rule with comment for version 4.7 and newer. Then when
> FreeBSD finally updates to the current version of OpenBSD PF ie:5.0 or
> 5.1 the links in the FreeBSD handbook would automatically become
> meaningful.

I agree, it should be made more clear that OpenBSD's PF syntax differs from
that of FreeBSD's. If no one is working on this I'll be glad to submit a
patch.

John