From owner-freebsd-questions@FreeBSD.ORG  Thu Jan 22 15:38:53 2015
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id CF0692E4
 for <freebsd-questions@freebsd.org>; Thu, 22 Jan 2015 15:38:53 +0000 (UTC)
Received: from cosmo.uchicago.edu (cosmo.uchicago.edu [128.135.52.97])
 by mx1.freebsd.org (Postfix) with ESMTP id 8B7836D5
 for <freebsd-questions@freebsd.org>; Thu, 22 Jan 2015 15:38:53 +0000 (UTC)
Received: by cosmo.uchicago.edu (Postfix, from userid 48)
 id C5CE4CB8C96; Thu, 22 Jan 2015 09:38:51 -0600 (CST)
Received: from 128.135.70.2 (SquirrelMail authenticated user valeri)
 by cosmo.uchicago.edu with HTTP;
 Thu, 22 Jan 2015 09:38:51 -0600 (CST)
Message-ID: <47390.128.135.70.2.1421941131.squirrel@cosmo.uchicago.edu>
In-Reply-To: <54C08881.2010200@ShaneWare.Biz>
References: <CAAdA2WMudfd0J9RP_3UL+EMC8Vh3Crks8c-6U5f7AQMBSR0XJQ@mail.gmail.com>
 <CAOc73CCsrnqskLJKFbQH2W-EYH7yi=AXiSKw8jLYz0O35spJ5g@mail.gmail.com>
 <CAAdA2WOeiEv2opf4ZMDAf=LvC5TUCbC8+AeE0ecf7Ac+=jQ1-w@mail.gmail.com>
 <54BF7050.90605@ShaneWare.Biz>
 <CAAdA2WPr4jjdS3MiuNkuG2JQCA_LAaSndhe=cRxiSHVf9o_yRw@mail.gmail.com>
 <51264.128.135.70.2.1421883154.squirrel@cosmo.uchicago.edu>
 <54C08881.2010200@ShaneWare.Biz>
Date: Thu, 22 Jan 2015 09:38:51 -0600 (CST)
Subject: Re: IPFilter & FreeBSD-10.1
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Shane Ambler" <FreeBSD@ShaneWare.Biz>
Reply-To: galtsev@kicp.uchicago.edu
User-Agent: SquirrelMail/1.4.8-5.el5.centos.7
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: User Questions <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jan 2015 15:38:54 -0000


On Wed, January 21, 2015 11:20 pm, Shane Ambler wrote:
> On 22/01/2015 10:02, Valeri Galtsev wrote:
>>
>> On Wed, January 21, 2015 3:29 am, Odhiambo Washington wrote:
>>> Hi Shane,
>>>
>>> Where is the new syntax documented? Or I just have to 'man ipf'? I'd
>>> love
>>> to see a web discussion about it, which I obviously missed.
>>>
>>> Is there a sort of rule converter? :-)
>>>
>>> Thank you for mentioning this syntax thing. Must be the one that was
>>> biting
>>> me on 10.1
>
> I use ipfw myself, I read the email out of curiosity.
>
> Personally I would clear the rules and add one at a time till I get an
> error. Sounds like some people have no problem so there may only be one
> small change that breaks your rules.

Yes, thanks. Indeed that's right way to do troubleshooting, which we
always used... I feel embarrassed I didn't do this sort of troubleshooting
myself before posting the question. (Yet, I've found "workaround", and
described it in the thread I've started which partly excuses me ;-) It
more looks like crippled something in my ipf.rules that is being happily
swallowed by old code, yet new code chokes on it. (similar thing may be
true in case of another person's problem). I'll post to this threat if I
find something like that in my case.

>
>>
>> I wonder if anyone knows URl of official website of ipfilter. Both
>> project
>> info on sourceforge (http://sourceforge.net/projects/ipfilter/) and
>> wikipedia page (https://en.wikipedia.org/wiki/IPFilter) point at the
>> place
>> which apparently doesn't exist so you end up getting just front page of
>> the university: http://asiapacific.anu.edu.au/ ...
>
> The handbook page on ipfilter links to http://www.phildev.net/ipf/
> which is only a faq page, so it looks like the man pages are the best
> docs.

Indeed, if nothing changed in the rule syntax, then FreeBSD DocBook is the
best place to go, and I personally don't feel I need anything more.

Valeri

>
> Sourceforge could still be the place of all development, the cvs repo
> has a few files that were changed 7 months ago.
>
>> One does want to read the documentation to be able to keep using
>> ipfilter
>> on FreBSD 10.x (as one did on FreeBSD 9.x in the past). And with syntax
>> changed, one does have to read Documentation (and here brilliant FreeBSD
>> documentation seems to be outdated...)
>>
>> Thanks a lot for your answers!
>>
>> Valeri
>
> --
> FreeBSD - the place to B...Software Developing
>
> Shane Ambler
>
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++