On 2012-05-26, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2012-05-26, Jan Stary <h...@stare.cz> wrote:
>>> > If someone wants to carefully go over faq/pf/ (or at least going
>>> > over one whole page rather than just parts of a page), check/update things
>>> > and send a diff, that would be very nice and there's a good chance it
>>> > would get committed..
>
> to clarify:
>
> I will review a diff for a whole page or for the whole pf
> section, but cannot go over a bunch of small patches for various
> things, and indeed I think that is the wrong approach, it will
> be much more readable and consistent if each page is treated as
> a complete unit.

More explanation on this after some offlist mail since I guess I wasn't totally clear...

This page was written back in the time when stateful filtering was a non-default thing which only some people used, and has only had relatively minor fixes since then, no big integration of the "keep state by default" or the big changes to how translation is handled, these were only dealt with by relatively small patches.

"modern" pf is written on the assumption that people will be doing stateful filtering, there are only a very few special cases where stateful is unwanted, so this documentation needs to reflect this. References to things like "if the rule creates state" and the separate "keeping state" section are no longer helpful, the faq doesn't need to consider things which aren't the recommended practice, it should explain how to do things the right way, not talk about how things work when the user is not following advice.

To review a diff properly is going to mean applying it and reading it in the context of the whole page, working out what makes sense, whether things need re-ordering, more explanation, rewriting to make full use of new syntax (in particular match and tag). Reading a diff by itself without context is not going to be enough.

I don't mind doing this for a full update that really fixes the page, but doing this again and again for lots of small diffs is going to be way too much work and I'd find it hard to approve a change which leaves the page still fundamentally based on the version of PF that was in OpenBSD 4.0.