From owner-freebsd-net@FreeBSD.ORG Sat Apr 13 23:01:31 2013 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 8756718A for ; Sat, 13 Apr 2013 23:01:31 +0000 (UTC) (envelope-from scott4long@yahoo.com) Received: from nm19.bullet.mail.bf1.yahoo.com (nm19.bullet.mail.bf1.yahoo.com [98.139.212.178]) by mx1.freebsd.org (Postfix) with SMTP id 2A3E91703 for ; Sat, 13 Apr 2013 23:01:31 +0000 (UTC) Received: from [98.139.215.143] by nm19.bullet.mail.bf1.yahoo.com with NNFMP; 13 Apr 2013 23:01:30 -0000 Received: from [76.13.13.228] by tm14.bullet.mail.bf1.yahoo.com with NNFMP; 13 Apr 2013 23:01:30 -0000 Received: from [127.0.0.1] by smtp107-mob.biz.mail.ac4.yahoo.com with NNFMP; 13 Apr 2013 23:01:30 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1365894090; bh=MB77me6FnuoXHyzsbc1NiiiUuXBdLnyjmV9Rp3CiesM=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:X-Rocket-Received:References:Mime-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Message-Id:Cc:X-Mailer:From:Subject:Date:To; b=LWrQLzEuSIBO1WBLNUYzWTxkW7FjY4lmOFfNUw3ys1/9qwhJ1VSragX1EgtD6ealPYCm2PL8dbbeYgm5cmIS/YHplj/NFAKEY2rbgsHeLPQ7e3qKGsjKUkdQxAm91gIR7V2EBJblxeknQq7KZezzOKnFdVY9Un/w5+kQ8kNRmEc= X-Yahoo-Newman-Id: 345441.26413.bm@smtp107-mob.biz.mail.ac4.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: Mu3qXagVM1mdY3BXwVvJdbJUVa2H2gL41i2RNLg05aCBpnd 3_UdCuRRAFR5VgIuehgNHl.rdN0vFOY7ygp9uM0YgupuxizNPg0cYFigZdSn r8lOmR6gjD13wsZQZK.wNa9kou.4NUQG0OrfkpEUXTJGPXSl6d5Vog4sLbdH tBp4EasnWpXtXL28G203PjEJj914NfbJGIA00noKyVSK1SxDpOHr4RJ1YquV dYkWXedF7SWDTXGsnjhmMp_FpBhInLAxR61ZXfuGU3hTYIY3.pdn_yXDxl_o tgsKnvt6c1iZNfF0wosKZJ0MzhRfKCdXkV6O6maHoAJSxB4ihw9qdGVYd066 5Aikl.exTa5vltaKpjzoewWYYaV5Cc8hWTyrkRep9Z7hpcJhwd_ZPnb0sDSI 3P9h12k52cyfsmetbYSn3WdYPIbVdh_E_ZMzwODRFhAJhylq5eECmNDkWlT3 EfR5rlYkd0kjRy.0USck1dK0_ZSlMeydb X-Yahoo-SMTP: clhABp.swBB7fs.LwIJpv3jkWgo2NU8- X-Rocket-Received: from [10.184.10.106] (scott4long@70.196.197.242 with xymcookie) by smtp107-mob.biz.mail.ac4.yahoo.com with SMTP; 13 Apr 2013 16:01:30 -0700 PDT References: <20130411201805.GD76816@FreeBSD.org> <7D8ACD5C-821D-4505-82E4-02267A7BA4F8@FreeBSD.org> <96D56EAE-E797-429E-AEC9-42B19B048CCC@FreeBSD.org> <6DEDD3EA-45C1-4549-AA13-5E4F6674BE3E@samsco.org> <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> Mime-Version: 1.0 (1.0) In-Reply-To: <2D0B66DB-E232-4F34-9D01-57DF226B9BAA@FreeBSD.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Message-Id: <2DA4A561-3304-432D-B5D1-7053A27E758F@yahoo.com> X-Mailer: iPhone Mail (10B329) From: Scott Long Subject: Re: ipfilter(4) needs maintainer Date: Sat, 13 Apr 2013 17:01:29 -0600 To: Rui Paulo Cc: Scott Long , "current@freebsd.org" , "net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Apr 2013 23:01:31 -0000 On Apr 13, 2013, at 11:43 AM, Rui Paulo wrote: > On 2013/04/13, at 5:03, Scott Long wrote: >> You target audience for this isn't people who track CURRENT, it's people w= ho are on 7, 8, or 9 and looking to update to 10.x sometime in the future. >=20 > Yes, I'm aware of that, but the problem remains. If ipfilter is broken or g= ets broken because of the networking stack changes, we'll have to fix it to k= eep the deprecation path going... >=20 Welcome to the challenges of maintaining a whole OS :-) >>>> So with that said, would it be possible to write some tutorials on how t= o migrate an ipfilter installation to pf? Maybe some mechanical syntax docs= accompanied by a few case studies? Is it possible for a script to automate= some of the common mechanical changes? Also essential is a clear document o= n what goes away with ipfilter and what is gained with pf. Once those tools= are written, I suggest announcing that ipfilter is available but deprecated= /unsupported in FreeBSD 10, and will be removed from FreeBSD 11. Certain pe= ople will still pitch a fit about it departing, but if the tools are there t= o help the common users, you'll be successful in winning mindshare and gener= al support. >>>=20 >>>=20 >>> It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, b= ut I'm not sure automated tools exist. I'm also not convinced we need to wri= te them and I think the issue can be deal with by writing a bunch of example= s on how to do it manually. Then we can give people 1y to switch. >>=20 >> Please believe me that no matter how trivial you think the switch is, a m= igration guide still needs to be written. >=20 >=20 > A migration *guide*, yes. Tools to convert one syntax to another: no. >=20 Ok, so in response to this and to Glebs email, lets rephrase the call for he= lp into a call for someone with ipfilter experience to help write a migratio= n guide. Like I said, this isn't about migrating from 10-current to 10-curr= ent prime, it about migrating from 7/8/9 where up ipfilter does work. Maybe= look for old openbsd docs and mailing list items from when they did their f= orced migration. Maybe fish for help by announcing the deprecation and remo= val schedule and hook whomever complains into helping instead. Maybe someth= ing else, but whatever it is, it should be done. If you and Gleb don't want= to do this, I will. Scott