From owner-freebsd-pf@freebsd.org  Tue Aug 20 10:32:17 2019
Return-Path: <owner-freebsd-pf@freebsd.org>
Delivered-To: freebsd-pf@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7B58ECD54D
 for <freebsd-pf@mailman.nyi.freebsd.org>; Tue, 20 Aug 2019 10:32:17 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from mail.tilda.center (srv02.tilda.center [199.247.21.11])
 by mx1.freebsd.org (Postfix) with ESMTP id 46CRtm3ry0z49wN;
 Tue, 20 Aug 2019 10:32:16 +0000 (UTC)
 (envelope-from meka@tilda.center)
Received: from hal9000.home.meka.rs (109-92-168-5.dynamic.isp.telekom.rs
 [109.92.168.5])
 by mail.tilda.center (Postfix) with ESMTPSA id 2E5B112146;
 Tue, 20 Aug 2019 12:32:15 +0200 (CEST)
Date: Tue, 20 Aug 2019 12:32:14 +0200
From: Goran =?utf-8?B?TWVracSH?= <meka@tilda.center>
To: Kristof Provost <kp@FreeBSD.org>
Cc: Tom Marcoen <tom.marcoen@gmail.com>, mlaier@freebsd.org,
 freebsd-pf@freebsd.org
Subject: Re: Update to PF from OpenBSD 6.5
Message-ID: <20190820103214.tc5x23tjiecp3kkx@hal9000.home.meka.rs>
References: <CAJ-iVrOfPZK_HKnXz=JQGSbUt7NG=00dYhDHKT8cSzmEfY1cBw@mail.gmail.com>
 <85968D92-66E6-4024-83C9-D82C115A35FE@FreeBSD.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="jtox56cdexyh6uxi"
Content-Disposition: inline
In-Reply-To: <85968D92-66E6-4024-83C9-D82C115A35FE@FreeBSD.org>
User-Agent: NeoMutt/20180716
X-Rspamd-Queue-Id: 46CRtm3ry0z49wN
X-Spamd-Bar: --------
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of meka@tilda.center designates
 199.247.21.11 as permitted sender) smtp.mailfrom=meka@tilda.center
X-Spamd-Result: default: False [-8.25 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4];
 R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 TAGGED_RCPT(0.00)[];
 MIME_GOOD(-0.20)[multipart/signed,text/plain];
 DMARC_NA(0.00)[tilda.center]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 NEURAL_HAM_SHORT(-0.95)[-0.951,0]; SIGNED_PGP(-2.00)[];
 RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 ASN(0.00)[asn:20473, ipnet:199.247.16.0/21, country:US];
 FREEMAIL_CC(0.00)[gmail.com];
 IP_SCORE(-3.00)[ip: (-9.74), ipnet: 199.247.16.0/21(-4.83), asn: 20473(-0.37),
 country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Aug 2019 10:32:17 -0000


--jtox56cdexyh6uxi
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 20, 2019 at 11:49:18AM +0200, Kristof Provost wrote:
> One thing I=E2=80=99ve thought of trying, and that might be an interestin=
g stepping
> stone, is to create a port (/usr/ports/net/opf or whatever) of OpenBSD=E2=
=80=99s pf.
> In that version it=E2=80=99d be acceptable to not fix any of the above is=
sues. It=E2=80=99d
> still give users to option of getting the new syntax. I=E2=80=99d expect =
this to be
> a relatively straightforward exercise.
That would be cool, but only if FreeBSD PF can not be "fixed" to support
OpenBSD PF syntax.

> In principle there=E2=80=99s nothing to stop us from doing that same work=
 in base,
> but we=E2=80=99re **NOT** going to import a fourth firewall. We=E2=80=99r=
e just not.
Are you sure? https://2019.eurobsdcon.org/talk-speakers/#NPF. At least I
hope the import is pfil based.

Regards,
meka

--jtox56cdexyh6uxi
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAl1bzCsACgkQWj1Tknov
rLbaiw//ZFqQFZsLYsR0oHREzcJA57U8DY3N1WG5MNJBti0pzr116N+Er+IQMPL7
BoYIBXzFaIdnPRJB6F86IOJOkpdyEdDKi12UsOIxgXRsprPIH//lUUVwtRrOlVvM
gPPIwJAceXfFqyNc+HmCd3Y/LR1Y46d6tnmBCyesd+kZ+TUsCa3sHVZDU9q7L/po
X4HeN0MKfDW1FOwRLUUTOwow+yIOHN8iRiJU1lJQ3qm/IaKv6WjW2RbneZSujtQw
k8vpv6vV6/741mF7K2wj8HOXqpjTafQC99axNQM5xRnlrqbsc9GPgHaffq8U8RCh
NrQNmZYpZYIl+wkUPJP8/hlbXwMLX1W2Y/s6zzBCFVvF+igdRy+c9Oy91apS5J7a
d6erO0NAaF6WPJ+78zZfcG5DHRJEzWZhxa8Wnyac/F3gkjuMKglqwMu1u4nOT1AM
W0emlu7XgOEcghUbYM1Aozye0Vm1G8QsfqyHt7stRl8wsW5Dey90mS2DZ0zMRkyM
Sv861HAfhjhz3kHBvf0loNdD0gFg6Ll9utDRTXPRxLFmySzo6zjfND/UfuvIScow
CyF3ceDlXNU6Y7rn/Z+jawVzKXWbeB1glMgnYGnV8JDFwma755+r8b9naTFnjS13
wE3skeuhpW80pVK5/vx4BsO4lmpcxRctYHwj2BbP7yUlT3+43WM=
=noow
-----END PGP SIGNATURE-----

--jtox56cdexyh6uxi--