Date: Sat, 13 Apr 2013 17:01:29 -0600 From: Scott Long <scott4long@yahoo.com> To: Rui Paulo <rpaulo@FreeBSD.org> Cc: Scott Long <scottl@samsco.org>, "current@freebsd.org" <current@FreeBSD.org>, "net@freebsd.org" <net@FreeBSD.org> Subject: Re: ipfilter(4) needs maintainer Message-ID: <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> In-Reply-To: <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <E2F803DD-1F3A-430E-957F-7AB1904CDF42@samsco.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Apr 13, 2013, at 11:43 AM, Rui Paulo <rpaulo@FreeBSD.org> wrote: > On 2013/04/13, at 5:03, Scott Long <scottl@samsco.org> wrote: >> You target audience for this isn't people who track CURRENT, it's people w= ho are on 7, 8, or 9 and looking to update to 10.x sometime in the future. >=20 > Yes, I'm aware of that, but the problem remains. If ipfilter is broken or g= ets broken because of the networking stack changes, we'll have to fix it to k= eep the deprecation path going... >=20 Welcome to the challenges of maintaining a whole OS :-) >>>> So with that said, would it be possible to write some tutorials on how t= o migrate an ipfilter installation to pf? Maybe some mechanical syntax docs= accompanied by a few case studies? Is it possible for a script to automate= some of the common mechanical changes? Also essential is a clear document o= n what goes away with ipfilter and what is gained with pf. Once those tools= are written, I suggest announcing that ipfilter is available but deprecated= /unsupported in FreeBSD 10, and will be removed from FreeBSD 11. Certain pe= ople will still pitch a fit about it departing, but if the tools are there t= o help the common users, you'll be successful in winning mindshare and gener= al support. >>>=20 >>>=20 >>> It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, b= ut I'm not sure automated tools exist. I'm also not convinced we need to wri= te them and I think the issue can be deal with by writing a bunch of example= s on how to do it manually. Then we can give people 1y to switch. >>=20 >> Please believe me that no matter how trivial you think the switch is, a m= igration guide still needs to be written. >=20 >=20 > A migration *guide*, yes. Tools to convert one syntax to another: no. >=20 Ok, so in response to this and to Glebs email, lets rephrase the call for he= lp into a call for someone with ipfilter experience to help write a migratio= n guide. Like I said, this isn't about migrating from 10-current to 10-curr= ent prime, it about migrating from 7/8/9 where up ipfilter does work. Maybe= look for old openbsd docs and mailing list items from when they did their f= orced migration. Maybe fish for help by announcing the deprecation and remo= val schedule and hook whomever complains into helping instead. Maybe someth= ing else, but whatever it is, it should be done. If you and Gleb don't want= to do this, I will. Scott
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2DA4A561-3304-432D-B5D1-7053A27E758F>