From owner-freebsd-pf@FreeBSD.ORG Wed Mar 26 15:07:04 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2A83D106566B for ; Wed, 26 Mar 2008 15:07:04 +0000 (UTC) (envelope-from dalibor.gudzic@gmail.com) Received: from gv-out-0910.google.com (gv-out-0910.google.com [216.239.58.184]) by mx1.freebsd.org (Postfix) with ESMTP id A4D1E8FC16 for ; Wed, 26 Mar 2008 15:07:03 +0000 (UTC) (envelope-from dalibor.gudzic@gmail.com) Received: by gv-out-0910.google.com with SMTP id n40so838120gve.39 for ; Wed, 26 Mar 2008 08:07:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; bh=LE/mDDPRmSCg7HbOqyK8yeZXI3ETh371cQbMQPQZSJM=; b=EZz4ZD0aRlO5L7J/ZEvdsZ3WyP041dWMbHhbbqX5unqdFEzyA8slb+b1UKuF9fvsBKb95dHG+J0P0aNeCzpII/+op++Fx1+br9yuXAmEEKmSyqUavWw3IulUZSTRfndv7qr0Y7zXOkKsSsvRuDCdnQq1DIPts8legOYD+aG0uJ8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:references; b=aTgrtT26NWezLKZvyYI/exyD9obZ6JzU1W/2MatQYlQ2dPwxMHE4fob5gK1++V7tDZbTdNUlhc6TfMz3IzX0Xs7ZxgGZB+BlQZuXD2yUfZ0eucrctZFu393VLN9DXjjLqRg+2G9nkY68wF22/fqXc0Ay7IgKo3iPZkbXofL2pro= Received: by 10.151.38.12 with SMTP id q12mr47954ybj.174.1206542462594; Wed, 26 Mar 2008 07:41:02 -0700 (PDT) Received: by 10.150.228.11 with HTTP; Wed, 26 Mar 2008 07:41:02 -0700 (PDT) Message-ID: <866fa9520803260741rdf08419w178b0050315718b3@mail.gmail.com> Date: Wed, 26 Mar 2008 15:41:02 +0100 From: "Dalibor Gudzic" To: "Jeremy Chadwick" In-Reply-To: <20080326114710.GA81567@eos.sc1.parodius.com> MIME-Version: 1.0 References: <9DE6EC5B5CF8C84281AE3D7454376A0D6D0290@cetus.dawnsign.com> <20080326025316.GA68607@eos.sc1.parodius.com> <47EA12CA.90305@nviz.net> <20080326114710.GA81567@eos.sc1.parodius.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Greg Hennessy , freebsd-pf@freebsd.org Subject: Re: Bacula File/Storage Connection Woes using PF X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2008 15:07:04 -0000 On Wed, Mar 26, 2008 at 12:47 PM, Jeremy Chadwick wrote: > This brings up another situation: there's no version number of pf in > FreeBSD that I can find. The OpenBSD docs continually say "as of > OpenBSD x.y". This confuses people, who when using pf under FreeBSD, > have no knowledge of what version of pf we're using. What version is in > RELENG_6? 7? CURRENT? I didn't know until a few minutes ago -- > because I went to cvsweb and had to look up the CVS commit messages > myself: > > http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/pf/net/pf.c > > Now that I know, I can make appropriate adjustments. But requiring > users to look at CVS commit messages is a bit unrealistic, don't you > think? Maybe I should submit a PR asking that the version of pf pulled > into FreeBSD be kept in the pf(4), pf.conf(5), and pfctl(8) manpages? > What do you suggest? > > > Our cousins over the road in the OpenBSD neighbourhood have done this > > precisely because of the issues caused in prior versions of PF by using > > stateless rules and/or establishing TCP state on anything other than the > 3 > > way handshake. > > Yep, aware of that -- except that users have no idea as to whether the > implicit "keep state" on every rule applies to FreeBSD or not, or if > it's "safe" or not, because OpenBSD != FreeBSD. They read the OpenBSD > docs and go "errr... so what version is FreeBSD using?" > From: http://pf4freebsd.love2party.net/ Status The port is part of the base system of FreeBSD 5.X as of March, 8th 2004. - In RELENG_5 - pf is at OpenBSD 3.5 - In RELENG_6 - pf is at OpenBSD 3.7 - In RELENG_7 - pf is at OpenBSD 4.1 - In HEAD - pf is at OpenBSD 4.1 - at this time. - It has been said several times on the list as well. :)