From: Max Laier
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] HTML-ify anyone?
Date: Thu, 16 Sep 2004 04:10:20 -0000
X-Original-Date: Thu, 29 Jul 2004 06:25:54 +0200
Message-Id: <200407290626.01176.max@love2party.net>

Hi,

as you might know, the pf-page is (a bit) out-of-date/undermaintained. This is
due to my lack of time and HTML-skillz. I'd be more than happy if somebody
would be so nice to volunteer to HTML-ify/proofread/enhance the attached
plain-text and send me the resulting HTML-pages. Improvements and comments
very welcome also!

General notes: It's nothing fancy, agreed. But it's better than what is there
now. It has some raw edges and might be outdated as well (I wrote this while
on a train a couple of weeks ago), but I was kinda hoping for you to jump in
and provide an "intelligent transformation" i.e. improving my scribbling
while keeping the idea. I don't object to a complete rewrite either.

On a sidenote to this I'd also like to remind you that there is no information
or advertisement of pf in the handbook/non-manpage-documentation, yet. If
somebody is interested in addressing this shortcoming, please get in touch
with me!
Fundamental work (rewrite of the "Firewall section" in the handbook)
has been started, but with documentation - you can never have enough!

Looking forward to your feedback. Thanks in advance!

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

[Attachment: pf_homepage.txt]

Names:
 = Pyun YongHyeon
 = Mark Johnston
 = Daniel Hartmeier
 = Kenjiro Cho
 = Max Laier

Site map:
INDEX
LINKS
CHANGES
TODO/HELP
ALTQ
MAILINGLIST

INDEX:
This is the homepage of the FreeBSD packet filter (pf) ported by derived
from OpenBSD.
----
Status:
The port is part of the FreeBSD base system as of March, 8th 2004 and in
sync with OpenBSD 3.5-STABLE.
----
History:
This port was started by with the following post on deadly:

Since it generated a lot of interest we started this project "pf4freebsd"
and created a FreeBSD port
Many people provided help along the way, most notable - the original
author of pf at OpenBSD.

Shortly after FreeBSD 5.2.1 was released, we were invited to merge our port
into the FreeBSD base system, where it is maintained now. Currently and
take care of it and will try to keep it in sync with OpenBSD-STABLE. We will
also try to merge other reliability fixes from OpenBSD-CURRENT, which do not
make -STABLE in OpenBSD due to policy. In addition we will try to provide
FreeBSD specific modifications e.g. per-jail rules.

The plan is to follow OpenBSD's lead as we see this project as a port not a
forge, but still to allow FreeBSD users and developers to use pf's power in
the ways FreeBSD demands/allows. If you have general ideas to improve pf or
for additional features, we encourage you to bring them to OpenBSD first.
It's okay however to provide us with your FreeBSD patches.
----
Resources:
- WIP patches waiting for testers will be on
- The latest stable version of the port is available with FreeBSD-current
- Port/FreeBSD-specific questions and discussion should go to
- pf questions in general and discussion should go to
- For examples, tutorials and further reading see:

LINKS:
|| see old page

CHANGES:
The old (pre-import) Changelist can be found here:
----
Since the import was done, changes are available via FreeBSD's cvsweb
interface:
does a good job with writing summaries found at:

For security relevant changes see the OpenBSD-STABLE errata page:
We usually manage to sync changes from there with a delta <1 day and the
OpenBSD security officers provide us with a pre-release HEADSUP for
critical patches.

Announcements of critical updates and imports of a new OpenBSD version will
be posted to

TODO/HELP:
If you run into anything unexpected, please take the time to tell us about
it. Provide as much detail as possible, but even an incomplete report is
better than no report at all! Submit report to one of MAILINGLIST, or
send-pr(1) it. If you use the latter CC so that I can take care.

If you are interested in testing the latest pf-features on your
FreeBSD-current box, you should take a look at
http://people.freebsd.org/~mlaier/ from time to time and subscribe to the
where we will announce new patches and updates to older etc.

For the patches on <~mlaier> we are interested in success stories as well.
If you were able to boot/run/use it on your setup, please file a short
report about your test-setup to either the or directly. If you have
problems with the patches, you can ask on the or mail to . Please do *not*
use send-pr(1) for this.

ALTQ:
Alternate queuing (ALTQ) is a framework that allows shaping network
traffic. ALTQ was imported to FreeBSD-current as of June, 13th 2004.
It was originally developed as part of the KAME project by .
OpenBSD picked it up and invented a nice way to integrate certain parts of
ALTQ with pf, making it a lot easier to manage. These changes were synced
back to the KAME project and are now the de-facto standard for everyday use
of ALTQ (known as "pf_mode"). The original ALTQ3_COMPAT code and /dev/altq
still have some relevance for scientific disciplines, though.

pf becomes an even more powerful tool now that it has ALTQ support. On
<~mlaier> there are a couple of driver modifications that need testing. If
you want ALTQ on your card but do not find a patchset there, please write an
email to .

ALTQ in FreeBSD supports "pf mode" only, for a couple of reasons:
1) FreeBSD 5 uses fine-grained locking and /dev/altq is hard to lock.
2) Same applies for the standalone classifier.
3) We see no real benefit in the ALTQ3 approach.

Other firewalls (such as ipfw and ipf) could be used to classify for this
version of ALTQ as well. The API is well-defined and it should be trivial to
come up with a patch for ipfw esp. since it already does something alike for
dummynet.

By the way, dummynet provides a completely different way of traffic shaping,
which we consider inferior to the ALTQ approach for some very common
applications. It has its strength as well, where ALTQ lacks functionality.
This is a fundamental difference in design which is why we believe that
dummynet just isn't enough for all applications. The fact that dummynet is
very closely coupled with ipfw makes it hard to utilize from pf and further
creates the want for ALTQ in FreeBSD.

MAILINGLIST:
Use the old pages || create pf-freebsd@freebsd.org and link to mailman???