Re: version of OpenBSD and PF

Mon, 23 Mar 2015 14:05:13 -0700 


On 03/23/2015 09:58 PM, Peter N. M. Hansteen wrote:

Mohsen Pahlevanzadeh <moh...@pahlevanzadeh.org> writes:


As you know, version of PF related of openbsd's release, And since of
of a specific version of OpenBSD, PF syntax has been rewritten. i have
two question :
1. What's the given openbsd version?

Depending on how you count, there were either two or three flag day
changes (or actually more when I think back, but perhaps not
immediately obious syntax-wise)

1) 'keep state' becoming the default in OpenBSD 4.1 -- but everybody's
    forgotten about that one, mainly because FreeBSD and NetBSD back then
    adopted the change relatively quickly

2) the NAT rewrite and syntax change (nat-to, rdr-to etc) in 4.7 --
    old rule sets will break, in almost all cases easily fixable, and
    the new syntax is lots more flexible anyway (and the reason The
    Book of PF needed a second edition)

3) the introduction of new queueing system in 5.5 - again an
    opportunity to make the rulse more readable and offering more
    flexibility, at the cost of at least some (mostly quite easy)
    conversion. (and the reason there is a third edition of that book)

There have been several other significant changes over the years,
including a fairly complete rewrite of the logging code and various
bits and pieces.

My tutorial slides has a partial list of significant developments
starting at http://home.nuug.no/~peter/pf/newest/design-evolution.html
but it's not exhaustive.


2. hwo can i retrive the given openbsd and pf version?

Why i asked same question?  i'm writing article about PF and i explain
version and synyax error.

OpenBSD officially supports the two most recent releases, and
essentially all development work happens on -current, with the bits
that get done in time to be included in the next release. At this
moment the oldest supported release is 5.5, which is the last to
include both the old ALTQ code and the new queueing system. Running
older, unsupported versions is not recommended.

Unfortunately ,I couldn't explain my purpose, Of course, OpenBSD.org  
show it,  I use FreeBSD , I  need to find out my pf is related to which 
release of openbsd...via some grep in /usr/src or etc ....

If you're writing an article on PF, consider keeping things simple for
yourself and focus on OpenBSD exclusively. Otherwise you'll end up
compensating for and explaining the fact that the others (NetBSD,
FreeBSD, Apple) have let their PF code fossilize at various oddly
chosen points in time that don't make much sense at all for newcomers.























					Reply via email to