From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 03:50:52 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4CC791065698 for ; Sun, 20 Feb 2011 03:50:52 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id F26DF8FC1A for ; Sun, 20 Feb 2011 03:50:51 +0000 (UTC) Received: by iyb26 with SMTP id 26so4949048iyb.13 for ; Sat, 19 Feb 2011 19:50:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:date:from:to:cc:subject:in-reply-to :message-id:references:user-agent:x-openpgp-key-id :x-openpgp-key-fingerprint:mime-version:content-type :content-transfer-encoding; bh=b4ebfORVClFFkN841dLc3y1REec9qOFzzPyYjJ2Nw2o=; b=YK1lBVzDJCDzoLFgjoSWs03DIcxrTKQOMEPGvuw7s0ptIXMO32V8juvJmjucHOYo/P KaBmJchFWb4NVoScYYbxHJ4NSkZYETuobocZzXQCrh/vHJFLUNdinfYZajXT4k+xxWL4 acvp104gWMhiGlEnvm5p8hL2L4mLsTfg9JDP4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type:content-transfer-encoding; b=MkY6K6vdQ/1H0lFREXyW6cTeNcbm1KClIz0hMGeb9jmEF7uAUdVUmENAWShFHfoCmk 7sLo8XldmIs7n2qS62r6Bh9lGu6xODATzMIiXmr8nzMYOqZKzEyjjQSo/XMFugE/2BM7 uZWFmkGZ3E8u0cpAIOoXgbzsbNR3ONgjsZXCM= Received: by 10.43.70.143 with SMTP id yg15mr1205931icb.60.1298173851365; Sat, 19 Feb 2011 19:50:51 -0800 (PST) Received: from disbatch.dataix.local ([99.119.129.202]) by mx.google.com with ESMTPS id gy41sm3552068ibb.23.2011.02.19.19.50.49 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 19 Feb 2011 19:50:50 -0800 (PST) Sender: "J. Hellenthal" Date: Sat, 19 Feb 2011 22:50:48 -0500 From: jhell To: Eir Nym In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 03:50:52 -0000 On Fri, 18 Feb 2011 03:26, eirnym@ wrote: > I heard while ago about packet filter update coming, but there're no > news about. Which status of this update? > This was for OpenBSD pf45 not pf47. The patchset should be somewhere in the archives for HEAD. Specifics, From: Ermal Luçi Subject: [PATCH] pf(4) patch from OpenBSD 4.5 Date: Mon, 18 Oct 2010 Message-ID: Regards, -- jhell From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 18:27:50 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EF6621065693 for ; Sun, 20 Feb 2011 18:27:50 +0000 (UTC) (envelope-from eirnym@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id 7A1188FC08 for ; Sun, 20 Feb 2011 18:27:49 +0000 (UTC) Received: by bwz12 with SMTP id 12so1621652bwz.13 for ; Sun, 20 Feb 2011 10:27:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=887dFlovEu3dB2kAeqoDdob94SkJsTyin0OqYJWIij4=; b=UFFHetakYiFbFUIok9sSOeoD94kiDWnMGnXW1AE7vIACZZW9gMUzwchuw+YeIGW553 /YCstjvnP/X8Wka+K5xu6jhObqiOucvL+hjxM3wyjgPaqwY+NRnx6Y9l8WKya6YNe9j7 84AoWh7aHiUAp7UcuEYv+D/sp471YNxaJ1vTg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=TgIZIwgG2YqMr3kbyElFKE+vSD1xKCF2TqENF2ENuF+WjQI7l7e8nTaPGu35Ho5JU6 eoSpzmlFzQNenxznyA3kLW5CrwfN8Mpi4HmZNuWZVXhbnnLUy/BmseNl+gKG1NmLCFTy fK42eocqj6QhiHGgZP9HtqhIPOyA1L5mSHhak= Received: by 10.204.65.83 with SMTP id h19mr514111bki.101.1298226469087; Sun, 20 Feb 2011 10:27:49 -0800 (PST) MIME-Version: 1.0 Received: by 10.204.14.141 with HTTP; Sun, 20 Feb 2011 10:27:29 -0800 (PST) In-Reply-To: References: From: Eir Nym Date: Sun, 20 Feb 2011 21:27:29 +0300 Message-ID: To: jhell Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 18:27:51 -0000 On 20 February 2011 06:50, jhell wrote: > > On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >> >> I heard while ago about packet filter update coming, but there're no >> news about. Which status of this update? >> > > This was for OpenBSD pf45 not pf47. The patchset should be somewhere in t= he > archives for HEAD. > Differences between pf45 and pf47 are more smaller than between pf45 and current pf. I've found them, but there no status about. Should I ask same question in freebsd-current@ mail list? > Specifics, > From: Ermal Lu=C3=A7i > Subject: [PATCH] pf(4) patch from OpenBSD 4.5 > Date: Mon, 18 Oct 2010 > Message-ID: > > > Regards, > > -- > > =C2=A0jhell > > From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 18:47:10 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32A1B106566B for ; Sun, 20 Feb 2011 18:47:10 +0000 (UTC) (envelope-from eirnym@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id B3A098FC0A for ; Sun, 20 Feb 2011 18:47:09 +0000 (UTC) Received: by bwz12 with SMTP id 12so1629018bwz.13 for ; Sun, 20 Feb 2011 10:47:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=L3NqgdxKLF/a0VR1xHEMaH3dOvrfxy1MzI8uYvD0c9I=; b=IXDqAFTzFaXWfV+x9drNe+6di0su2ANhECB2EY8v515YafcLCtUv/PQqV+ZG7jY34f tED2h4r4JXUj3MyJA0xBCHiFZbB9BKvVXMQRXqeS4n2MVslyAo+r+F/IpQ72b1I1rkvE lzZ1MXflOJr3v5LvyBqyxfoSimu2XEJXiKhC8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=O1NpgMHfQuYutQXrDSFVdU+FVF4ob9siZOc3MQ/zmw1RmOz+NaSAu0RT0eX02NZd82 tj5cu1Yak8GYpqdNKmIQNty9sePiet5zQwN6W8GU98u4x3QghFH4GxQboREk/pC5F7eJ /3KnBiIcXYijM2U9xqq36THeXhCF2VbvlkV6A= Received: by 10.204.65.83 with SMTP id h19mr525098bki.101.1298227627113; Sun, 20 Feb 2011 10:47:07 -0800 (PST) MIME-Version: 1.0 Received: by 10.204.14.141 with HTTP; Sun, 20 Feb 2011 10:46:46 -0800 (PST) In-Reply-To: References: From: Eir Nym Date: Sun, 20 Feb 2011 21:46:46 +0300 Message-ID: To: Chris Buechler Content-Type: text/plain; charset=UTF-8 Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 18:47:10 -0000 On 20 February 2011 21:38, Chris Buechler wrote: > On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote: >> >> I've found them, but there no status about. >> > > You aren't looking very hard, it's been discussed at length on this > list, check the archives. > I know about several messages which had been sent several months ago to -current and -pf lists. But I ask about status for today about these patches. One example of these mails is: http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html -- From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 19:03:51 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 83D471065673 for ; Sun, 20 Feb 2011 19:03:51 +0000 (UTC) (envelope-from cbuechler@gmail.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 3C4A28FC14 for ; Sun, 20 Feb 2011 19:03:50 +0000 (UTC) Received: by vxa40 with SMTP id 40so3047352vxa.13 for ; Sun, 20 Feb 2011 11:03:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=v7dlfsxEykNRkgrI2Paqsi9PdaH77q8qE2QVSMmiVoI=; b=wrFDJiHae7RifrRBxufmWut2rSrMDFYIxbv53Ni0HpIUcERGC9akNgeiTVRPgUuex9 6txDKYKT056drkZG/qhL8haWTwdZ/XUv0z9iptmgJV9hpvIJrbDQItlYxwezgZjvLayX bEjLRW4zXg/+V2FBOdquxHUvxIjbvRrTRFJsM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=IuW4vGSuCSsSx77HTezqhu+d2VKHIeVw+061F8c/aXUrHIqAAt1K2dGWKG4Fv6+WMX C/gtMDnaDIHI7QFYBusGUMpiJR+jFJH60WF2FgnA5UV5F4pP8NwT+RrP2+7rE8h6WgeQ 10JMkqt/pzuG2R+Vm6jXPbig4hH2+R61g1sv0= Received: by 10.52.160.37 with SMTP id xh5mr683259vdb.81.1298227105070; Sun, 20 Feb 2011 10:38:25 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.124.151 with HTTP; Sun, 20 Feb 2011 10:38:05 -0800 (PST) In-Reply-To: References: From: Chris Buechler Date: Sun, 20 Feb 2011 13:38:05 -0500 Message-ID: To: Eir Nym Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 19:03:51 -0000 On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote: > > I've found them, but there no status about. > You aren't looking very hard, it's been discussed at length on this list, check the archives. From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 19:20:13 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6BDC4106566B; Sun, 20 Feb 2011 19:20:13 +0000 (UTC) (envelope-from eirnym@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id BD96F8FC17; Sun, 20 Feb 2011 19:20:12 +0000 (UTC) Received: by bwz12 with SMTP id 12so1642975bwz.13 for ; Sun, 20 Feb 2011 11:20:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding; bh=DsH3oNaVL+KhtxwoE5aCsPalw6GxCjSajlyrtOQwu34=; b=sNZ5kVdZN8YlCQRFc9OsoojgVFQcDyFj/oD1qgI/MHgIqViGIHxwezUUU905eKFR+v mWRIaUUINoeWp8/XURboCwhpw6PYoq7wzOire4vPMuWSMRwOMwC825CXRL1gSprU2cJI zCPRziZgbDE++MyHoI3AONSj7rLU9+8sfvGnk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; b=pou+XCDlObi5QUz7ZgJBUAhth2k4lpPARJDvVQ15oErjhUqfuMEseOMtJAeYaqtYiM p0DwG5dE1z03zwGtl0mTUJpTlHCJSySVdPDWonrCZLUmFiiSSvpJPywXLtSE97xtgbQt pod4Bm+4fmj5NBNWZU5dA+WO3eu3OA3YCpYsw= Received: by 10.204.14.202 with SMTP id h10mr541003bka.182.1298229611095; Sun, 20 Feb 2011 11:20:11 -0800 (PST) MIME-Version: 1.0 Received: by 10.204.14.141 with HTTP; Sun, 20 Feb 2011 11:19:51 -0800 (PST) In-Reply-To: References: From: Eir Nym Date: Sun, 20 Feb 2011 22:19:51 +0300 Message-ID: To: =?UTF-8?Q?Ermal_Lu=C3=A7i?= Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 19:20:13 -0000 On 20 February 2011 22:12, Ermal Lu=C3=A7i wrote: > On Sun, Feb 20, 2011 at 7:46 PM, Eir Nym wrote: >> On 20 February 2011 21:38, Chris Buechler wrote: >>> On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote: >>>> >>>> I've found them, but there no status about. >>>> >>> >>> You aren't looking very hard, it's been discussed at length on this >>> list, check the archives. >>> >> I know about several messages which had been sent several months ago >> to -current and -pf lists. But I ask about status for today about >> these patches. >> One example of these mails is: >> http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html >> >> -- >> _______________________________________________ >> freebsd-pf@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >> > > Look at svn.freebsd.org under projects/pf. > > -- > Ermal > Wow! thanks a lot for link! Does this mean that MWC coming soon? From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 19:36:38 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6CD5D1065673 for ; Sun, 20 Feb 2011 19:36:38 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 2D01F8FC15 for ; Sun, 20 Feb 2011 19:36:37 +0000 (UTC) Received: by iwn39 with SMTP id 39so5501836iwn.13 for ; Sun, 20 Feb 2011 11:36:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=eqcI72ICFPZS0Cf8LWpn6oDu7mBX6NBoCI1wGSuuHr8=; b=d1uvqNTCq9U4tDHr6SL8352mC87uufLadudfzKyQm1i/MLoS7hsKcYZxbhFG1/zYBD rQnHqqFN+ph0cyCP/TpgN0fU0eNe1fNRjQz64XJkxiI6rWHbwtMQSljpJoz48eJK86/b SZ83vTFe6t/UH8fjJOsk2PRhJ/zZ72YDKpWRw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=tr8xUJChub1NdKwfvmAguoAH6sQEF2WRwqrLj1kXb8LBV+XdLV38Fwj8MEEPI3U6py VkXzqg8dJAwk43kG41jV22Ytln/tHFv30/ChZX+opjZpQjvjriYonWToR5auCfN+Sv6E kdfDB4CNQkZ3A/KMoqFQ5Ce8Le1FS2tNiWPVo= MIME-Version: 1.0 Received: by 10.231.206.197 with SMTP id fv5mr511638ibb.84.1298229129202; Sun, 20 Feb 2011 11:12:09 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.231.31.204 with HTTP; Sun, 20 Feb 2011 11:12:09 -0800 (PST) In-Reply-To: References: Date: Sun, 20 Feb 2011 20:12:09 +0100 X-Google-Sender-Auth: SYMKE_QkMjNo1Uop9oEJmwQi5XA Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Eir Nym Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 19:36:38 -0000 On Sun, Feb 20, 2011 at 7:46 PM, Eir Nym wrote: > On 20 February 2011 21:38, Chris Buechler wrote: >> On Sun, Feb 20, 2011 at 1:27 PM, Eir Nym wrote: >>> >>> I've found them, but there no status about. >>> >> >> You aren't looking very hard, it's been discussed at length on this >> list, check the archives. >> > I know about several messages which had been sent several months ago > to -current and -pf lists. But I ask about status for today about > these patches. > One example of these mails is: > http://lists.freebsd.org/pipermail/freebsd-pf/2010-October/005842.html > > -- > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > Look at svn.freebsd.org under projects/pf. -- Ermal From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 21:16:48 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0CE41065673; Sun, 20 Feb 2011 21:16:48 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id 8F4328FC0C; Sun, 20 Feb 2011 21:16:48 +0000 (UTC) Received: by iwn39 with SMTP id 39so5554853iwn.13 for ; Sun, 20 Feb 2011 13:16:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:date:from:to:cc:subject:in-reply-to :message-id:references:user-agent:x-openpgp-key-id :x-openpgp-key-fingerprint:mime-version:content-type; bh=uIJDs3oz6d7ib0yWKRDDuj6JzXWNVuLmpU2GHDNZb4g=; b=AKsDPSlrBj21GmMXQnHPqCHXA+FeUQhg+JTm1H1VANniR9bmAjhjZW3ORCSBC4hATL 2FHcb6vrTByqr1pLYsly8ig09o0h7PEakTGSlx3E8upohCXfuZxi91OcSDQgqYw3Eky2 tPX7YvRlHFI69ojI/nDCys5CoKHs4lO6JNt3U= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:cc:subject:in-reply-to:message-id:references :user-agent:x-openpgp-key-id:x-openpgp-key-fingerprint:mime-version :content-type; b=TGjOLkjH4q1g/Pi8qeb7tPJqzJ8Unb95LKou2rnGdbSKP4zDXt0ZIAYiYhGTPGySJD e6G8ci4reE1edVhZbOLoj/6zrzQxprZCd/vJ882FXnDPXTXHlVRcYLVqrO8JpYh+LOno Ovbg7tly8YoOlO99SFq55myUyfTdJ15z7dvYk= Received: by 10.231.129.68 with SMTP id n4mr583547ibs.67.1298236607973; Sun, 20 Feb 2011 13:16:47 -0800 (PST) Received: from disbatch.dataix.local (adsl-99-19-47-178.dsl.klmzmi.sbcglobal.net [99.19.47.178]) by mx.google.com with ESMTPS id d21sm4430610ibg.3.2011.02.20.13.16.45 (version=TLSv1/SSLv3 cipher=OTHER); Sun, 20 Feb 2011 13:16:46 -0800 (PST) Sender: "J. Hellenthal" Date: Sun, 20 Feb 2011 16:16:32 -0500 From: jhell To: Eir Nym In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) X-OpenPGP-Key-Id: 0x89D8547E X-OpenPGP-Key-Fingerprint: 85EF E26B 07BB 3777 76BE B12A 9057 8789 89D8 547E MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 21:16:49 -0000 On Sun, 20 Feb 2011 13:27, eirnym@ wrote: > On 20 February 2011 06:50, jhell wrote: >> >> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>> >>> I heard while ago about packet filter update coming, but there're no >>> news about. Which status of this update? >>> >> >> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in the >> archives for HEAD. >> > > Differences between pf45 and pf47 are more smaller than between pf45 > and current pf. > > I've found them, but there no status about. Should I ask same question > in freebsd-current@ mail list? > Difference being that after pf45 there was a syntax change that is nearly incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was voted as the most likely to be merged into HEAD. There is an email from Theo @openbsd.org about the syntactic changes that have made people a little jumpy at adopting pf > 45 but eventually it will work its way in. What advantages to using pf47 over using pf45 have you found in ``real use'' ? and how realistic are those changes for the masses ? -- jhell From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 22:40:20 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CB0D010656D9 for ; Sun, 20 Feb 2011 22:40:20 +0000 (UTC) (envelope-from max@mxcrypt.com) Received: from mail-vx0-f182.google.com (mail-vx0-f182.google.com [209.85.220.182]) by mx1.freebsd.org (Postfix) with ESMTP id 889CC8FC13 for ; Sun, 20 Feb 2011 22:40:20 +0000 (UTC) Received: by vxa40 with SMTP id 40so3114258vxa.13 for ; Sun, 20 Feb 2011 14:40:19 -0800 (PST) Received: by 10.52.156.233 with SMTP id wh9mr853682vdb.235.1298240203129; Sun, 20 Feb 2011 14:16:43 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.42.67 with HTTP; Sun, 20 Feb 2011 14:16:12 -0800 (PST) In-Reply-To: References: From: Maxim Khitrov Date: Sun, 20 Feb 2011 17:16:12 -0500 Message-ID: To: jhell Content-Type: text/plain; charset=UTF-8 Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 22:40:20 -0000 On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote: > > On Sun, 20 Feb 2011 13:27, eirnym@ wrote: >> >> On 20 February 2011 06:50, jhell wrote: >>> >>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>>> >>>> I heard while ago about packet filter update coming, but there're no >>>> news about. Which status of this update? >>>> >>> >>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in >>> the >>> archives for HEAD. >>> >> >> Differences between pf45 and pf47 are more smaller than between pf45 >> and current pf. >> >> I've found them, but there no status about. Should I ask same question >> in freebsd-current@ mail list? >> > > Difference being that after pf45 there was a syntax change that is nearly > incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was > voted as the most likely to be merged into HEAD. > > There is an email from Theo @openbsd.org about the syntactic changes that > have made people a little jumpy at adopting pf > 45 but eventually it will > work its way in. > > What advantages to using pf47 over using pf45 have you found in ``real use'' > ? and how realistic are those changes for the masses ? The firewall (FreeBSD 7.3) that I manage at work currently contains 36 nat/rdr rules and 39 filter rules. It's responsible for passing traffic between 4 different networks. After reading the OpenBSD pf FAQ, the biggest advantage that I see of pf47+ is the ability to combine related filter/nat/rdr rules, making the entire ruleset easier to maintain. Personally, I would love to see the latest version of pf make it into FreeBSD 9 or even one of the 8.x releases. Compatibility with existing syntax is not as important to me as the ability to simplify my set of rules. - Max From owner-freebsd-pf@FreeBSD.ORG Sun Feb 20 23:10:09 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E1DC7106566B for ; Sun, 20 Feb 2011 23:10:08 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.cksoft.de (mail.cksoft.de [IPv6:2001:4068:10::3]) by mx1.freebsd.org (Postfix) with ESMTP id 3F9348FC12 for ; Sun, 20 Feb 2011 23:10:08 +0000 (UTC) Received: from localhost (amavis.fra.cksoft.de [192.168.74.71]) by mail.cksoft.de (Postfix) with ESMTP id 4142241C705; Mon, 21 Feb 2011 00:10:07 +0100 (CET) X-Virus-Scanned: amavisd-new at cksoft.de Received: from mail.cksoft.de ([192.168.74.103]) by localhost (amavis.fra.cksoft.de [192.168.74.71]) (amavisd-new, port 10024) with ESMTP id LoJCBeiDIjHG; Mon, 21 Feb 2011 00:10:06 +0100 (CET) Received: by mail.cksoft.de (Postfix, from userid 66) id 43AEB41C6B4; Mon, 21 Feb 2011 00:10:06 +0100 (CET) Received: from maildrop.int.zabbadoz.net (maildrop.int.zabbadoz.net [10.111.66.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.int.zabbadoz.net (Postfix) with ESMTP id A853D4448F3; Sun, 20 Feb 2011 23:06:15 +0000 (UTC) Date: Sun, 20 Feb 2011 23:06:15 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@maildrop.int.zabbadoz.net To: Maxim Khitrov In-Reply-To: Message-ID: <20110220225113.E13400@maildrop.int.zabbadoz.net> References: X-OpenPGP-Key: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-pf@freebsd.org Subject: Re: (no) PF from OpenBSD 4.7: X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Feb 2011 23:10:09 -0000 On Sun, 20 Feb 2011, Maxim Khitrov wrote: Hey, > On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote: >> >> On Sun, 20 Feb 2011 13:27, eirnym@ wrote: >>> >>> On 20 February 2011 06:50, jhell wrote: >>>> >>>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>>>> >>>>> I heard while ago about packet filter update coming, but there're no >>>>> news about. Which status of this update? >>>>> >>>> >>>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in >>>> the >>>> archives for HEAD. >>>> >>> >>> Differences between pf45 and pf47 are more smaller than between pf45 >>> and current pf. >>> >>> I've found them, but there no status about. Should I ask same question >>> in freebsd-current@ mail list? >>> >> >> Difference being that after pf45 there was a syntax change that is nearly >> incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was >> voted as the most likely to be merged into HEAD. >> >> There is an email from Theo @openbsd.org about the syntactic changes that >> have made people a little jumpy at adopting pf > 45 but eventually it will >> work its way in. >> >> What advantages to using pf47 over using pf45 have you found in ``real use'' >> ? and how realistic are those changes for the masses ? > > The firewall (FreeBSD 7.3) that I manage at work currently contains 36 > nat/rdr rules and 39 filter rules. It's responsible for passing > traffic between 4 different networks. After reading the OpenBSD pf > FAQ, the biggest advantage that I see of pf47+ is the ability to > combine related filter/nat/rdr rules, making the entire ruleset easier > to maintain. > > Personally, I would love to see the latest version of pf make it into > FreeBSD 9 or even one of the 8.x releases. Compatibility with existing > syntax is not as important to me as the ability to simplify my set of > rules. I can already tell you that this will most likely not happen. There is a lot of discussion (mostly private) going on and we'll see what the plan to move forward will be after 9.0. For 9.0 it will be pf45 + cherry picking + patches. The current ongoing work, based on Ermal's previous patches is in svn://svn.freebsd.org/base/projects/pf/pf45/ as of a couple of days and Ermal and I have been working on cleaning it up and finalizing it the last days. You can check that out (it's a HEAD from 2 days ago) which passes universe now. It needs more whitespace cleanup and a tiny bit here and there but is very good for testing! If you simply care about simplifying your ruleset, use a preprocossor but frankly with 36+39 entries I wouldn't even start pondering about simplification as that still fits on a single screen. Seriously, for most users modifying the ruleset when updating IS the worst that can happen, the same way two different versions of pfsync don't work together anymore, etc. The lessons learnt from breaking backward compantibility last time are still very present and though we cannot currently get it 100% right we try hard to do the best we can to not break again. Similar reasoning applies to 3rd party mgmt software that sits on top of the syntax in a UI, etc. /bz -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. From owner-freebsd-pf@FreeBSD.ORG Mon Feb 21 08:10:27 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6A02106566C for ; Mon, 21 Feb 2011 08:10:26 +0000 (UTC) (envelope-from ermal.luci@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id A8F518FC0C for ; Mon, 21 Feb 2011 08:10:26 +0000 (UTC) Received: by iwn33 with SMTP id 33so342410iwn.13 for ; Mon, 21 Feb 2011 00:10:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; bh=zQ/G8e7xqzH7CTbECnow1AaB7Du3Df1Iz4kNrRuaDkU=; b=tUbBvNSjm81lRMgvAV623stwxnOxnGhnZVKzry8drGEcgDroCLWF+2TmMMyIjTpAyf 8nHYZFaHWBK8iUT4zwU/yc5CYwPekZlfwBMk5wPLZhYh1IcS/gp9K936q2cl9SqT3QfQ rhNtUqyTfhni4rxN7f6/ylSJh3dyfOiDmia2E= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=hE6IVG9kLBOEgswWAdryeW0ah0otJPJkNdHH0N/z94XZ6Zcn06XZEJRJlrS7gL7J+L MWipodENeuFmqLLjwjQoKusSiSl2jRJx/5ZlPtzGxoTebRCjd9p97r+kvRTK1zBU/2zq vq+1INSiRHkhXN05llgfUXPYFU5GUcH4oSBQU= MIME-Version: 1.0 Received: by 10.42.224.8 with SMTP id im8mr1598018icb.491.1298275824618; Mon, 21 Feb 2011 00:10:24 -0800 (PST) Sender: ermal.luci@gmail.com Received: by 10.231.31.204 with HTTP; Mon, 21 Feb 2011 00:10:24 -0800 (PST) In-Reply-To: References: Date: Mon, 21 Feb 2011 09:10:24 +0100 X-Google-Sender-Auth: 6eIuYw12TyM2aBG_s043Ys23zUU Message-ID: From: =?ISO-8859-1?Q?Ermal_Lu=E7i?= To: Maxim Khitrov Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-pf@freebsd.org Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Feb 2011 08:10:27 -0000 On Sun, Feb 20, 2011 at 11:16 PM, Maxim Khitrov wrote: > On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote: >> >> On Sun, 20 Feb 2011 13:27, eirnym@ wrote: >>> >>> On 20 February 2011 06:50, jhell wrote: >>>> >>>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>>>> >>>>> I heard while ago about packet filter update coming, but there're no >>>>> news about. Which status of this update? >>>>> >>>> >>>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in >>>> the >>>> archives for HEAD. >>>> >>> >>> Differences between pf45 and pf47 are more smaller than between pf45 >>> and current pf. >>> >>> I've found them, but there no status about. Should I ask same question >>> in freebsd-current@ mail list? >>> >> >> Difference being that after pf45 there was a syntax change that is nearly >> incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was >> voted as the most likely to be merged into HEAD. >> >> There is an email from Theo @openbsd.org about the syntactic changes that >> have made people a little jumpy at adopting pf > 45 but eventually it will >> work its way in. >> >> What advantages to using pf47 over using pf45 have you found in ``real use'' >> ? and how realistic are those changes for the masses ? > > The firewall (FreeBSD 7.3) that I manage at work currently contains 36 > nat/rdr rules and 39 filter rules. It's responsible for passing > traffic between 4 different networks. After reading the OpenBSD pf > FAQ, the biggest advantage that I see of pf47+ is the ability to > combine related filter/nat/rdr rules, making the entire ruleset easier > to maintain. > You can do that even today on FreeBSD if you disable ruleset ordering checks. AFAIK the only benefit from the syntax changes are for benefiting in some rare setups and having the possibility to enforce some rules before nat being applied. Other than that i do not see anything else! > Personally, I would love to see the latest version of pf make it into > FreeBSD 9 or even one of the 8.x releases. Compatibility with existing > syntax is not as important to me as the ability to simplify my set of > rules. > > - Max > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > -- Ermal From owner-freebsd-pf@FreeBSD.ORG Mon Feb 21 08:18:28 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 212801065673 for ; Mon, 21 Feb 2011 08:18:28 +0000 (UTC) (envelope-from ml@my.gd) Received: from mail-fx0-f54.google.com (mail-fx0-f54.google.com [209.85.161.54]) by mx1.freebsd.org (Postfix) with ESMTP id AD0098FC1A for ; Mon, 21 Feb 2011 08:18:27 +0000 (UTC) Received: by fxm19 with SMTP id 19so2287537fxm.13 for ; Mon, 21 Feb 2011 00:18:26 -0800 (PST) Received: by 10.223.101.136 with SMTP id c8mr1452515fao.100.1298276306521; Mon, 21 Feb 2011 00:18:26 -0800 (PST) Received: from [10.125.50.221] ([92.90.16.37]) by mx.google.com with ESMTPS id n26sm2277977fam.13.2011.02.21.00.18.21 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 21 Feb 2011 00:18:25 -0800 (PST) References: In-Reply-To: Mime-Version: 1.0 (iPhone Mail 8A293) Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Message-Id: <9EFB32D1-489C-44C5-8D70-95685099AC03@my.gd> X-Mailer: iPhone Mail (8A293) From: Damien Fleuriot Date: Mon, 21 Feb 2011 09:17:55 +0100 To: Maxim Khitrov Cc: "freebsd-pf@freebsd.org" Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Feb 2011 08:18:28 -0000 On 20 Feb 2011, at 23:16, Maxim Khitrov wrote: > On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote: >>=20 >> On Sun, 20 Feb 2011 13:27, eirnym@ wrote: >>>=20 >>> On 20 February 2011 06:50, jhell wrote: >>>>=20 >>>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>>>>=20 >>>>> I heard while ago about packet filter update coming, but there're no >>>>> news about. Which status of this update? >>>>>=20 >>>>=20 >>>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in= >>>> the >>>> archives for HEAD. >>>>=20 >>>=20 >>> Differences between pf45 and pf47 are more smaller than between pf45 >>> and current pf. >>>=20 >>> I've found them, but there no status about. Should I ask same question >>> in freebsd-current@ mail list? >>>=20 >>=20 >> Difference being that after pf45 there was a syntax change that is nearly= >> incompatible with the current pf41-45 syntax so AFAIR based on that pf45 w= as >> voted as the most likely to be merged into HEAD. >>=20 >> There is an email from Theo @openbsd.org about the syntactic changes that= >> have made people a little jumpy at adopting pf > 45 but eventually it wil= l >> work its way in. >>=20 >> What advantages to using pf47 over using pf45 have you found in ``real us= e'' >> ? and how realistic are those changes for the masses ? >=20 > The firewall (FreeBSD 7.3) that I manage at work currently contains 36 > nat/rdr rules and 39 filter rules. It's responsible for passing > traffic between 4 different networks. After reading the OpenBSD pf > FAQ, the biggest advantage that I see of pf47+ is the ability to > combine related filter/nat/rdr rules, making the entire ruleset easier > to maintain. >=20 See it another way, you've got as little as 70 rules to maintain, overall. I have 1k ish spread over roughly 20 PF boxes. While I yearn for the ability to use include directives and such, my main co= ncern remains that during an upgrade the risk be minimal. > Personally, I would love to see the latest version of pf make it into > FreeBSD 9 or even one of the 8.x releases. Compatibility with existing > syntax is not as important to me as the ability to simplify my set of > rules. >=20 As a matter of fact and without considering wether this would be doable or n= ot: It would be awesome to be able to choose in the kernel config file the desir= ed version for pf. Have both pf45 and pf47, with the current "pf" entry referring to pf45 not t= o break anything. Would that even be feasible guys ? > - Max > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" From owner-freebsd-pf@FreeBSD.ORG Mon Feb 21 11:07:05 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B07D10656DF for ; Mon, 21 Feb 2011 11:07:05 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1857D8FC1C for ; Mon, 21 Feb 2011 11:07:05 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1LB74Ce075779 for ; Mon, 21 Feb 2011 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1LB74j4075777 for freebsd-pf@FreeBSD.org; Mon, 21 Feb 2011 11:07:04 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 21 Feb 2011 11:07:04 GMT Message-Id: <201102211107.p1LB74j4075777@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-pf@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-pf@FreeBSD.org X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Feb 2011 11:07:05 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/153307 pf [pf] Bug with PF firewall o kern/148290 pf [pf] "sticky-address" option of Packet Filter (PF) blo o kern/148260 pf [pf] [patch] pf rdr incompatible with dummynet o kern/147789 pf [pf] Firewall PF no longer drops connections by sendin o kern/146832 pf [pf] "(self)" not always matching all local IPv6 addre o kern/143543 pf [pf] [panic] PF route-to causes kernel panic o bin/143504 pf [patch] outgoing states are not killed by authpf(8) o conf/142961 pf [pf] No way to adjust pidfile in pflogd o conf/142817 pf [patch] etc/rc.d/pf: silence pfctl o kern/141905 pf [pf] [panic] pf kernel panic on 7.2-RELEASE with empty o kern/140697 pf [pf] pf behaviour changes - must be documented o kern/137982 pf [pf] when pf can hit state limits, random IP failures o kern/136781 pf [pf] Packets appear to drop with pf scrub and if_bridg o kern/135948 pf [pf] [gre] pf not natting gre protocol o kern/135162 pf [pfsync] pfsync(4) not usable with GENERIC kernel o kern/134996 pf [pf] Anchor tables not included when pfctl(8) is run w o kern/133732 pf [pf] max-src-conn issue o kern/132769 pf [pf] [lor] 2 LOR's with pf task mtx / ifnet and rtent f kern/132176 pf [pf] pf stalls connection when using route-to [regress o conf/130381 pf [rc.d] [pf] [ip6] ipv6 not fully configured when pf st o kern/129861 pf [pf] [patch] Argument names reversed in pf_table.c:_co o kern/127920 pf [pf] ipv6 and synproxy don't play well together o conf/127814 pf [pf] The flush in pf_reload in /etc/rc.d/pf does not w o kern/127439 pf [pf] deadlock in pf f kern/127345 pf [pf] Problem with PF on FreeBSD7.0 [regression] o kern/127121 pf [pf] [patch] pf incorrect log priority o kern/127042 pf [pf] [patch] pf recursion panic if interface group is o kern/125467 pf [pf] pf keep state bug while handling sessions between s kern/124933 pf [pf] [ip6] pf does not support (drops) IPv6 fragmented o kern/124364 pf [pf] [panic] Kernel panic with pf + bridge o kern/122773 pf [pf] pf doesn't log uid or pid when configured to o kern/122014 pf [pf] [panic] FreeBSD 6.2 panic in pf o kern/120281 pf [pf] [request] lost returning packets to PF for a rdr o kern/120057 pf [pf] [patch] Allow proper settings of ALTQ_HFSC. The c o bin/118355 pf [pf] [patch] pfctl(8) help message options order false o kern/114567 pf [pf] [lor] pf_ioctl.c + if.c o kern/114095 pf [carp] carp+pf delay with high state limit o kern/111220 pf [pf] repeatable hangs while manipulating pf tables s conf/110838 pf [pf] tagged parameter on nat not working on FreeBSD 5. o kern/103283 pf pfsync fails to sucessfully transfer some sessions o kern/103281 pf pfsync reports bulk update failures o kern/93825 pf [pf] pf reply-to doesn't work o sparc/93530 pf [pf] Incorrect checksums when using pf's route-to on s o kern/92949 pf [pf] PF + ALTQ problems with latency o bin/86635 pf [patch] pfctl(8): allow new page character (^L) in pf. o kern/82271 pf [pf] cbq scheduler cause bad latency 46 problems total. From owner-freebsd-pf@FreeBSD.ORG Mon Feb 21 14:12:51 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B1AB1106564A for ; Mon, 21 Feb 2011 14:12:51 +0000 (UTC) (envelope-from max@mxcrypt.com) Received: from mail-vw0-f48.google.com (mail-vw0-f48.google.com [209.85.212.48]) by mx1.freebsd.org (Postfix) with ESMTP id 6A78F8FC15 for ; Mon, 21 Feb 2011 14:12:51 +0000 (UTC) Received: by vws20 with SMTP id 20so1900643vws.35 for ; Mon, 21 Feb 2011 06:12:50 -0800 (PST) Received: by 10.220.74.207 with SMTP id v15mr296854vcj.110.1298297561324; Mon, 21 Feb 2011 06:12:41 -0800 (PST) MIME-Version: 1.0 Received: by 10.220.42.67 with HTTP; Mon, 21 Feb 2011 06:12:11 -0800 (PST) In-Reply-To: <9EFB32D1-489C-44C5-8D70-95685099AC03@my.gd> References: <9EFB32D1-489C-44C5-8D70-95685099AC03@my.gd> From: Maxim Khitrov Date: Mon, 21 Feb 2011 09:12:11 -0500 Message-ID: To: Damien Fleuriot Content-Type: text/plain; charset=UTF-8 Cc: "Bjoern A. Zeeb" , "freebsd-pf@freebsd.org" Subject: Re: PF from OpenBSD 4.7 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 21 Feb 2011 14:12:51 -0000 On Mon, Feb 21, 2011 at 3:17 AM, Damien Fleuriot wrote: > On 20 Feb 2011, at 23:16, Maxim Khitrov wrote: > >> On Sun, Feb 20, 2011 at 4:16 PM, jhell wrote: >>> >>> On Sun, 20 Feb 2011 13:27, eirnym@ wrote: >>>> >>>> On 20 February 2011 06:50, jhell wrote: >>>>> >>>>> On Fri, 18 Feb 2011 03:26, eirnym@ wrote: >>>>>> >>>>>> I heard while ago about packet filter update coming, but there're no >>>>>> news about. Which status of this update? >>>>>> >>>>> >>>>> This was for OpenBSD pf45 not pf47. The patchset should be somewhere in >>>>> the >>>>> archives for HEAD. >>>>> >>>> >>>> Differences between pf45 and pf47 are more smaller than between pf45 >>>> and current pf. >>>> >>>> I've found them, but there no status about. Should I ask same question >>>> in freebsd-current@ mail list? >>>> >>> >>> Difference being that after pf45 there was a syntax change that is nearly >>> incompatible with the current pf41-45 syntax so AFAIR based on that pf45 was >>> voted as the most likely to be merged into HEAD. >>> >>> There is an email from Theo @openbsd.org about the syntactic changes that >>> have made people a little jumpy at adopting pf > 45 but eventually it will >>> work its way in. >>> >>> What advantages to using pf47 over using pf45 have you found in ``real use'' >>> ? and how realistic are those changes for the masses ? >> >> The firewall (FreeBSD 7.3) that I manage at work currently contains 36 >> nat/rdr rules and 39 filter rules. It's responsible for passing >> traffic between 4 different networks. After reading the OpenBSD pf >> FAQ, the biggest advantage that I see of pf47+ is the ability to >> combine related filter/nat/rdr rules, making the entire ruleset easier >> to maintain. >> > > See it another way, you've got as little as 70 rules to maintain, overall. > > I have 1k ish spread over roughly 20 PF boxes. > > While I yearn for the ability to use include directives and such, my main concern remains that during an upgrade the risk be minimal. > >> Personally, I would love to see the latest version of pf make it into >> FreeBSD 9 or even one of the 8.x releases. Compatibility with existing >> syntax is not as important to me as the ability to simplify my set of >> rules. >> > > As a matter of fact and without considering wether this would be doable or not: > > It would be awesome to be able to choose in the kernel config file the desired version for pf. > > Have both pf45 and pf47, with the current "pf" entry referring to pf45 not to break anything. > > > Would that even be feasible guys ? +1 for that idea. If it is technically possible, this would allow most people to take advantage of the latest and greatest features, without forcing those with huge existing rulesets to upgrade. In addition, the upgrade process would be made significantly easier by requiring only a recompilation of the kernel, separating this task from moving to the next FreeBSD release. - Max From owner-freebsd-pf@FreeBSD.ORG Tue Feb 22 02:54:41 2011 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C8D6C1065673; Tue, 22 Feb 2011 02:54:41 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 9F9898FC17; Tue, 22 Feb 2011 02:54:41 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1M2sfaH091901; Tue, 22 Feb 2011 02:54:41 GMT (envelope-from eadler@freefall.freebsd.org) Received: (from eadler@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1M2seN0091897; Mon, 21 Feb 2011 21:54:40 -0500 (EST) (envelope-from eadler) Date: Mon, 21 Feb 2011 21:54:40 -0500 (EST) Message-Id: <201102220254.p1M2seN0091897@freefall.freebsd.org> To: venglin@freebsd.lublin.pl, eadler@FreeBSD.org, freebsd-pf@FreeBSD.org From: eadler@FreeBSD.org Cc: Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2011 02:54:41 -0000 Synopsis: [pf] repeatable hangs while manipulating pf tables State-Changed-From-To: open->feedback State-Changed-By: eadler State-Changed-When: Mon Feb 21 21:53:24 EST 2011 State-Changed-Why: Can you reproduce this on a recent version of FreeBSD? http://www.freebsd.org/cgi/query-pr.cgi?pr=111220 From owner-freebsd-pf@FreeBSD.ORG Tue Feb 22 22:47:40 2011 Return-Path: Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7BE75106564A; Tue, 22 Feb 2011 22:47:40 +0000 (UTC) (envelope-from przemyslaw@frasunek.com) Received: from lagoon.freebsd.lublin.pl (lagoon.freebsd.lublin.pl [IPv6:2a02:2928:a::3]) by mx1.freebsd.org (Postfix) with ESMTP id 3A3268FC1C; Tue, 22 Feb 2011 22:47:40 +0000 (UTC) Received: from [IPv6:2a02:2928:a:ffff:91a7:6672:1a8c:c94a] (unknown [IPv6:2a02:2928:a:ffff:91a7:6672:1a8c:c94a]) by lagoon.freebsd.lublin.pl (Postfix) with ESMTPSA id 7D00623944C; Tue, 22 Feb 2011 23:47:38 +0100 (CET) Message-ID: <4D643D0B.90307@frasunek.com> Date: Tue, 22 Feb 2011 23:47:39 +0100 From: Przemyslaw Frasunek Organization: frasunek.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; pl; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7 MIME-Version: 1.0 To: eadler@FreeBSD.org References: <201102220254.p1M2seN0091897@freefall.freebsd.org> In-Reply-To: <201102220254.p1M2seN0091897@freefall.freebsd.org> X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-pf@FreeBSD.org Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2011 22:47:40 -0000 > Can you reproduce this on a recent version of FreeBSD? No, this PR can be closed now. Thanks. From owner-freebsd-pf@FreeBSD.ORG Wed Feb 23 00:00:27 2011 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E82A106566C for ; Wed, 23 Feb 2011 00:00:27 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 523688FC12 for ; Wed, 23 Feb 2011 00:00:27 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1N00ROD076480 for ; Wed, 23 Feb 2011 00:00:27 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1N00R46076471; Wed, 23 Feb 2011 00:00:27 GMT (envelope-from gnats) Date: Wed, 23 Feb 2011 00:00:27 GMT Message-Id: <201102230000.p1N00R46076471@freefall.freebsd.org> To: freebsd-pf@FreeBSD.org From: Eitan Adler Cc: Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eitan Adler List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Feb 2011 00:00:27 -0000 The following reply was made to PR kern/111220; it has been noted by GNATS. From: Eitan Adler To: bug-followup@freebsd.org Cc: Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables Date: Tue, 22 Feb 2011 18:56:12 -0500 ---------- Forwarded message ---------- From: Przemyslaw Frasunek Date: Tue, Feb 22, 2011 at 5:47 PM Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables To: eadler@freebsd.org Cc: freebsd-pf@freebsd.org > Can you reproduce this on a recent version of FreeBSD? No, this PR can be closed now. Thanks. -- Eitan Adler From owner-freebsd-pf@FreeBSD.ORG Wed Feb 23 00:09:14 2011 Return-Path: Delivered-To: freebsd-pf@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DE057106576C; Wed, 23 Feb 2011 00:09:14 +0000 (UTC) (envelope-from eadler@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B37918FC1B; Wed, 23 Feb 2011 00:09:14 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id p1N09EbN088761; Wed, 23 Feb 2011 00:09:14 GMT (envelope-from eadler@freefall.freebsd.org) Received: (from eadler@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id p1N09E4f088757; Tue, 22 Feb 2011 19:09:14 -0500 (EST) (envelope-from eadler) Date: Tue, 22 Feb 2011 19:09:14 -0500 (EST) Message-Id: <201102230009.p1N09E4f088757@freefall.freebsd.org> To: venglin@freebsd.lublin.pl, eadler@FreeBSD.org, freebsd-pf@FreeBSD.org From: eadler@FreeBSD.org Cc: Subject: Re: kern/111220: [pf] repeatable hangs while manipulating pf tables X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Feb 2011 00:09:14 -0000 Synopsis: [pf] repeatable hangs while manipulating pf tables State-Changed-From-To: feedback->closed State-Changed-By: eadler State-Changed-When: Tue Feb 22 19:06:06 EST 2011 State-Changed-Why: Feedback received - this can no longer be reproduced http://www.freebsd.org/cgi/query-pr.cgi?pr=111220