From owner-svn-src-projects@freebsd.org  Tue Sep  3 14:06:03 2019
Return-Path: <owner-svn-src-projects@freebsd.org>
Delivered-To: svn-src-projects@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0A916DC1C6
 for <svn-src-projects@mailman.nyi.freebsd.org>;
 Tue,  3 Sep 2019 14:06:01 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46N7yw17Ylz4P59;
 Tue,  3 Sep 2019 14:06:00 +0000 (UTC)
 (envelope-from yuripv@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 1452)
 id E860E19F65; Tue,  3 Sep 2019 14:05:53 +0000 (UTC)
X-Original-To: yuripv@localmail.freebsd.org
Delivered-To: yuripv@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id 6E4E76CED;
 Mon,  1 Apr 2019 07:28:43 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
 [IPv6:2610:1c1:1:6074::16:84])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 2A69D89286;
 Mon,  1 Apr 2019 07:28:43 +0000 (UTC)
 (envelope-from owner-src-committers@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 538)
 id 1A2DF6CEC; Mon,  1 Apr 2019 07:28:43 +0000 (UTC)
Delivered-To: src-committers@localmail.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (Client CN "mx1.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by freefall.freebsd.org (Postfix) with ESMTPS id 82CF26CE9;
 Mon,  1 Apr 2019 07:28:40 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.12])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "Client", Issuer "CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 551EE89284;
 Mon,  1 Apr 2019 07:28:39 +0000 (UTC)
 (envelope-from cy.schubert@cschubert.com)
Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA
 id ArMwh9ox3ldkPArMxhFZho; Mon, 01 Apr 2019 01:28:36 -0600
X-Authority-Analysis: v=2.3 cv=Ko4zJleN c=1 sm=1 tr=0
 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17
 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=8nJEP1OIZ-IA:10 a=oexKYjalfGEA:10
 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=9kjIXSS1uQBkUWT0IQoA:9 a=wPNLvfGTeEIA:10
 a=-FsMTTDYTgkA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22
Received: from slippy.cwsent.com (slippy [10.1.1.91])
 by spqr.komquats.com (Postfix) with ESMTPS id AE4A728E;
 Mon,  1 Apr 2019 00:28:33 -0700 (PDT)
Received: from slippy.cwsent.com (localhost [127.0.0.1])
 by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x317SWvK076166;
 Mon, 1 Apr 2019 00:28:33 -0700 (PDT)
 (envelope-from Cy.Schubert@cschubert.com)
Received: from slippy (cy@localhost)
 by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x317SWXD076162;
 Mon, 1 Apr 2019 00:28:32 -0700 (PDT)
 (envelope-from Cy.Schubert@cschubert.com)
Message-Id: <201904010728.x317SWXD076162@slippy.cwsent.com>
X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs
X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.7.1
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Kristof Provost <kp@FreeBSD.org>
cc: Ed Schouten <ed@nuxi.nl>, src-committers <src-committers@freebsd.org>,
 svn-src-projects@freebsd.org
Subject: Re: svn commit: r345760 - in head: contrib/pf sys/netpfil/pf 
 sbin/pfctl
In-Reply-To: Message from Kristof Provost <kp@FreeBSD.org> of "Mon,
 01 Apr 2019 08:47:16 +0200."
 <EFC99E7D-CE93-4168-B0A3-CD36113A652F@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-CMAE-Envelope: MS4wfGSqeA/PmpmBvnSL5CGPtTWw1TIb5dXcMnH94VDPRJyoWiv0MePw8zT50b9XVsmUbDcCxbqgrXlXpO5sq/Bn/PhdBVuwE0SXY47ACFJD7hHts6S83fvX
 GQ0JCiKmstmef6RYbO6h7N6hhLFY+3FENA8izVfvW5vBVaiYNgqxfDnWZcIYXPtuOAjd28MdIfDrGW3DbrlJ+o2kN8YF/zxgP1XSiJm6hYoQfWF9ABCWNt1D
 sgK13vFy862eV4NrynV+6NE5DHtdWDLPnS47cBynSfo=
Precedence: bulk
X-Loop: FreeBSD.org
Sender: owner-src-committers@freebsd.org
X-Rspamd-Queue-Id: 2A69D89286
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org
X-Spamd-Result: default: False [-2.97 / 15.00];
 local_wl_from(0.00)[freebsd.org];
 NEURAL_HAM_MEDIUM(-1.00)[-0.999,0];
 NEURAL_HAM_LONG(-1.00)[-1.000,0];
 NEURAL_HAM_SHORT(-0.97)[-0.969,0];
 ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]
Status: O
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.29
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects/>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
Date: Tue, 03 Sep 2019 14:06:03 -0000
X-Original-Date: Mon, 01 Apr 2019 00:28:32 -0700
X-List-Received-Date: Tue, 03 Sep 2019 14:06:03 -0000

In message <EFC99E7D-CE93-4168-B0A3-CD36113A652F@FreeBSD.org>, Kristof 
Provost
writes:
> 
>
> > On 1 Apr 2019, at 08:39, Ed Schouten <ed@nuxi.nl> wrote:
> > 
> > Op ma 1 apr. 2019 om 07:53 schreef Kristof Provost <kp@freebsd.org>:
> >>  Users are advised to migrate to ipf.
> > 
> > Has anyone considered importing netfilter/iptables?
> > 
> Nftables, surely?
> We wouldn’t want to import their outdated firewall. 

Does it support RFC 1149 and RFC 2549? None of our firewalls do. Then 
again, neither does our stack. How difficult would it be to support 
this?


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.