Mohsen Pahlevanzadeh <[email protected]> writes:

> As you know, version of PF related of openbsd's release, And since of
> of a specific version of OpenBSD, PF syntax has been rewritten. i have
> two question :
> 1. What's the given openbsd version?

Depending on how you count, there were either two or three flag day
changes (or actually more when I think back, but perhaps not
immediately obvious syntax-wise)

1) 'keep state' becoming the default in OpenBSD 4.1 -- but everybody's
   forgotten about that one, mainly because FreeBSD and NetBSD back
   then adopted the change relatively quickly

2) the NAT rewrite and syntax change (nat-to, rdr-to etc) in 4.7 -- old
   rule sets will break, in almost all cases easily fixable, and the
   new syntax is lots more flexible anyway (and the reason The Book of
   PF needed a second edition)

3) the introduction of new queueing system in 5.5 - again an
   opportunity to make the rules more readable and offering more
   flexibility, at the cost of at least some (mostly quite easy)
   conversion. (and the reason there is a third edition of that book)

There have been several other significant changes over the years,
including a fairly complete rewrite of the logging code and various
bits and pieces. My tutorial slides have a partial list of significant
developments starting at
http://home.nuug.no/~peter/pf/newest/design-evolution.html but it's
not exhaustive.

> 2. how can i retrieve the given openbsd and pf version?
>
> Why i asked same question? i'm writing article about PF and i explain
> version and syntax error.

OpenBSD officially supports the two most recent releases, and
essentially all development work happens on -current, with the bits
that get done in time to be included in the next release.

At this moment the oldest supported release is 5.5, which is the last
to include both the old ALTQ code and the new queueing system. Running
older, unsupported versions is not recommended.

If you're writing an article on PF, consider keeping things simple for
yourself and focus on OpenBSD exclusively. Otherwise you'll end up
compensating for and explaining the fact that the others (NetBSD,
FreeBSD, Apple) have let their PF code fossilize at various oddly
chosen points in time that don't make much sense at all for newcomers.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
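An added illustration, not part of the original message: a small Python checker that flags rules still written in the pre-4.7 translation syntax or in ALTQ, the two flag days that show up as syntax errors when an old rule set is loaded. The sample rule sets are constructed, the function names are hypothetical, and '#' inside quoted strings is not handled.

```python
import re

# Constructed rule set in pre-4.7 / ALTQ style (not from the message above).
SAMPLE_OLD = """\
altq on em0 cbq bandwidth 2Mb queue { std, ssh }
nat on em0 from 10.0.0.0/24 to any -> (em0)
rdr on em0 proto tcp from any to any port 80 \\
    -> 10.0.0.5 port 8080
pass out on em0 keep state   # explicit 'keep state' is the default since 4.1
"""

# The same translation and queueing intent in the newer syntax (constructed).
SAMPLE_NEW = """\
match out on em0 from 10.0.0.0/24 nat-to (em0)
pass in on em0 proto tcp to port 80 rdr-to 10.0.0.5 port 8080
queue main on em0 bandwidth 20M
"""

# Rule-initial keywords that only exist in the older grammars.
CHECKS = [
    (re.compile(r"^(?:no\s+)?(?P<kw>nat|rdr|binat)\s"),
     "pre-4.7 translation rule; rewrite with nat-to/rdr-to/binat-to"),
    (re.compile(r"^(?P<kw>altq)\s+on\s"),
     "ALTQ queueing; superseded by the queueing system introduced in 5.5"),
]

def logical_lines(text):
    """Yield (first_line_number, rule): comments stripped, '\\' continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, " ".join(buf.split())
        buf, start = "", 0

def find_old_syntax(text):
    """Return [(line_number, keyword, note)] for rules that use a retired syntax."""
    findings = []
    for lineno, rule in logical_lines(text):
        for pattern, note in CHECKS:
            m = pattern.match(rule)
            if m:
                findings.append((lineno, m.group("kw"), note))
                break
    return findings

if __name__ == "__main__":
    for lineno, kw, note in find_old_syntax(SAMPLE_OLD):
        print(f"line {lineno}: {kw}: {note}")
```

The 4.1 change to 'keep state' as the default alters behaviour rather than grammar, so a keyword check like this one cannot detect it.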
