Date: Sat, 21 Jan 2012 23:26:58 +0000 From: Greg Hennessy <Greg.Hennessy@nviz.net> To: =?iso-8859-1?Q?Ermal_Lu=E7i?= <eri@freebsd.org>, Walt Elam <wrelam@gmail.com> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: RE: Getting Involved Message-ID: <9EB23F6C23A8B6488E8BCC92A48E832612A5BC03A9@PEMEXMBXVS04.jellyfishnet.co.uk.local> In-Reply-To: <CAPBZQG2S9T4v_4g09mXaukG4o3_4w8h51py6-iPoA%2BgmsuenUw@mail.gmail.com> References: <CAConN%2BkZquK7MJ_6YPtEV=sJdqC%2BniRqMmp2ZgQL%2Bo2m1wvXSQ@mail.gmail.com> <CAPBZQG2S9T4v_4g09mXaukG4o3_4w8h51py6-iPoA%2BgmsuenUw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> > > There is one catch. > FreeBSD does not want to break compatibility of old syntax and that is wh= y > i did not port the latest version of pf(4). Shades of the versioning/maintenance issues surrounding putting Perl in the= base way back in the day.=20 > What is there now makes it 'trivial' to go to the latest pf(4) version in Does that include the performance improvements which came with new version?= =20 Would be interesting to know what impact if any they would have on the Free= BSD PF port.=20 > Open but there needs to be a layer of translation > for the old syntax to new syntax. As a one off translation when someone upgrades Major version numbers to the= FreeBSD version hosting the new PF code?=20 Or run every time when someone loads the security policy for now and the fo= reseeable future?=20 > That is the only reason its not been done. I can see the issues, hope it's not intractable.=20 The new syntax is a significant improvement, shame about lack of thought gi= ven to backward compatibility.=20 =20 With your expert knowledge on this Ermal, is it possible to run both old a= nd new PF parsers in there to generate a policy which would run against the= newer packet filtering engine code? Defaulting to the old syntax, with say something like a ' later_pf_enable= =3D"yes"'' in rc.conf or a single 'use' line at the top of pf.conf to switc= h to the new syntax?=20 Regards Greg =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9EB23F6C23A8B6488E8BCC92A48E832612A5BC03A9>