On 27 Feb 2020, at 10:08, J.R. Oldroyd wrote:
I read back and found the thread last August "Update to PF from OpenBSD
6.5".

I was going to ask the same thing but, given the complexities discussed
in the responses there, perhaps the question should be asked a different
way round.

How much work would it be to add in OpenBSD's latest translation
functionality to our implementation?

OpenBSD's pf has new translation functionality, specifically nat64
support using the "af-to" syntax.  At the same time, existing
translation syntax was changed with the nat, binat and rdr rule
syntax changing to "pass ... nat-to ..." etc.

I think it is good that we are still called "pf" here and that we do
try to maintain compatibility with other pf implementations. So, we
should consider adding the new translation functionality to our
implementation. Understood that this means requiring changes to existing
pf.conf configurations but these can be documented with examples and
announced in advance.

How big of a project would this be?

I don’t know.
I’ve not specifically investigated the nat64 bits, and they’re (to me) the least interesting bits as well.

It’s possible that they can be imported without too much trouble, but someone would have to sit down and spend the time on it. Right now this isn’t even on my todo list and I’m not planning to add it either.

Given that this change would break compatibility with existing configurations (unless significant extra work is done to cope with this) I’m not keen on it. I’d need to see very good arguments for introducing an intermediate painful step between the current situation and a state where we have the same syntax as OpenBSD.

If you’re looking for nat64, IPFW has an implementation.

Best regards,
Kristof
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
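
For readers comparing the two rule styles discussed in this thread, here is an added side-by-side pf.conf sketch; it is not taken from either poster or from either project's tree. The interface name, macros and addresses are constructed placeholders using documentation ranges.

```conf
# Constructed macros (placeholders, not from the thread)
ext_if  = "em0"
int_net = "10.0.0.0/24"
web_int = "10.0.0.5"
web_ext = "203.0.113.5"

# --- Legacy style (FreeBSD pf): translation rules are separate from filter rules
nat   on $ext_if inet from $int_net to any -> ($ext_if)
rdr   on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_int port 80
binat on $ext_if inet from $web_int to any -> $web_ext
# The translated traffic still needs filter rules to permit it:
pass out on $ext_if inet from ($ext_if) to any
pass in  on $ext_if inet proto tcp from any to $web_int port 80

# --- Newer OpenBSD style: translation is an option on a match/pass rule
match out on $ext_if inet from $int_net to any nat-to ($ext_if)
pass  in  on $ext_if inet proto tcp from any to ($ext_if) port 80 rdr-to $web_int
pass      on $ext_if inet from $web_int to any binat-to $web_ext

# --- nat64 with af-to (OpenBSD only): IPv6 clients reaching IPv4 hosts
# through the well-known prefix 64:ff9b::/96
pass in inet6 from any to 64:ff9b::/96 af-to inet from ($ext_if)
```

The two halves are alternatives for different pf implementations and cannot be combined in a single ruleset. When porting a ruleset, check each rule with "pfctl -nf" on the target system, because the point at which translation is applied relative to filtering differs between the two styles.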