Olivier Smedts wrote:
2012/11/20 Gary Palmer <gpal...@freebsd.org>:
On Tue, Nov 20, 2012 at 11:43:04AM +0100, Olivier Smedts wrote:
2012/11/20 Paul Webster <paul.g.webs...@googlemail.com>:
I am aware this is a much discussed subject since the upgrade of PF, I
believe the final decision was that to many users are used to the old
style pf and an upgrade to the new syntax would cause to much confusion.
But a change like this is expected in a new major branch, ie.
10-CURRENT. Not so in -STABLE branches of course. I don't see the
problem here.
So you don't expect people to upgrade boxes in place?
I expect that before upgrading to a *major* version you should read an
updating or "what's changed" documentation.
I also guess you've never been 5,000 miles away from a box and typo'd something
in the firewall and locked yourself out. The think how tons of FreeBSD
users would feel if the default pf syntax was changed to be incompatible and
they find themselves in a similar situation after an upgrade. Defaulting to
open, while it could solve the problem (although I would suspect there could
be edge cases where it doesn't), could be bad for other reasons.
This already happened to me but, no, not during a major upgrade
because I won't do this kind of work without at least someone on-site.
The other question that I haven't seen answered (or maybe even asked), but
is relevant: what do we gain by going to a later version of pf? I.e. as an
administrator, what benefit do I get by having to expend effort converting
my filter rules?
Gary
At some time we'll surely *have* to upgrade our pf, because the legacy
version won't be supported upstream. I say that a major release is the
most appropriated place for such a change.
Another question : how did OpenBSD managed this change ?
Cheers
Hay I have been down this road myself. It's no longer possible to just
re-port the current OpenBSD version of PF to FreeBSD. The FreeBSD
version has been rewritten. Read all the threads shown in this post for
all the gory details.
[HEADS UP] merging projects/pf into head
http://lists.freebsd.org/pipermail/freebsd-pf/2012-September/006740.html
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
