From owner-freebsd-current@FreeBSD.ORG  Tue Nov 20 12:13:40 2012
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id AAC0AA76
 for <freebsd-current@freebsd.org>; Tue, 20 Nov 2012 12:13:40 +0000 (UTC)
 (envelope-from gpalmer@freebsd.org)
Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1])
 by mx1.freebsd.org (Postfix) with ESMTP id 5C2FA8FC0C
 for <freebsd-current@freebsd.org>; Tue, 20 Nov 2012 12:13:40 +0000 (UTC)
Received: from gjp by noop.in-addr.com with local (Exim 4.80.1 (FreeBSD))
 (envelope-from <gpalmer@freebsd.org>)
 id 1Tamhp-000188-Pd; Tue, 20 Nov 2012 07:13:33 -0500
Date: Tue, 20 Nov 2012 07:13:33 -0500
From: Gary Palmer <gpalmer@freebsd.org>
To: Olivier Smedts <olivier@gid0.org>
Subject: Re: Upgrading FreeBSD to use the NEW pf syntax. (Copied from
 freebsd-pf)
Message-ID: <20121120121333.GB88593@in-addr.com>
References: <op.wn1vxr1jjfousr@box.dlink.com>
 <CABzXLYPYtQanh5O6+TH0=e46P990iXcDoB0apY_BOtzmn9-S7Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CABzXLYPYtQanh5O6+TH0=e46P990iXcDoB0apY_BOtzmn9-S7Q@mail.gmail.com>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: gpalmer@freebsd.org
X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false
Cc: Paul Webster <paul.g.webster@googlemail.com>, freebsd-current@freebsd.org
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2012 12:13:40 -0000

On Tue, Nov 20, 2012 at 11:43:04AM +0100, Olivier Smedts wrote:
> 2012/11/20 Paul Webster <paul.g.webster@googlemail.com>:
> > I am aware this is a much discussed subject since the upgrade of PF, I
> > believe the final decision was that to many users are used to the old
> > style pf and an upgrade to the new syntax would cause to much confusion.
> 
> But a change like this is expected in a new major branch, ie.
> 10-CURRENT. Not so in -STABLE branches of course. I don't see the
> problem here.

So you don't expect people to upgrade boxes in place?

I also guess you've never been 5,000 miles away from a box and typo'd something
in the firewall and locked yourself out.  The think how tons of FreeBSD
users would feel if the default pf syntax was changed to be incompatible and
they find themselves in a similar situation after an upgrade.  Defaulting to
open, while it could solve the problem (although I would suspect there could
be edge cases where it doesn't), could be bad for other reasons.

The other question that I haven't seen answered (or maybe even asked), but
is relevant: what do we gain by going to a later version of pf?  I.e. as an
administrator, what benefit do I get by having to expend effort converting
my filter rules?

Gary