Thank god it's April Fools' ;)
- Joris Vink -
On Tue, 1 Apr 2003, Henning Brauer wrote:
> Hi guys,
>
> After much discussion we made a hard decision: we will change pf syntax from
> English to German.
>
> Let me explain.
>
> Most of the pf developers are native German speakers. It's very hard for us
> to dream up new keywords in a foreign language. In fact, I have a few new
> features in mind I would really like to have, but cannot implement because I
> can't think of a reasonable English keyword.
>
> And, of course, we do not want to support a regime attacking poor Afghan and
> Iraqi farmers by using the english language.
> We realize this change is radical, and that it will cause some management
> issues for you, but it's really worth it, the new syntax is so much more
> clear and simple, you won't regret it. Look at this example:
>
> ext_if="dc0"
>
> mach isnich-Gesetz Schiesszurueck
> mach limit { states 10000, frags 5000 }
> mach erzwinge-Reihenfolge noe
>
> AndereSchlangen auf $ext_if Bandbreite 10Mb Klassen-basiertes-anstellen \
> Schlange { ssh, http, allet }
> Schlange allet Bandbreite 1Mb Klassen-basiertes-anstellen(default)
> Schlange ssh Bandbreite 1Mb Klassen-basiertes-anstellen(leihen) \
> { ssh_bulk, ssh_prio }
> Schlange ssh_bulk Prioritaet 0
> Schlange ssh_prio Prioritaet 7
> Schlange http Bandbreite 9Mb
>
> Tabelle <Spinnennetzservierer> { 10.0.0.1, 10.0.0.7, 10.0.0.9 }
>
> scrub rein von wurscht nach 10/8 zufalls-id
>
> ueberzetze auf $ext_if dasAlteProtokoll von 10/8 nach wurscht -> $ext_if
> umleite auf $ext_if von wurscht nach $ext_if -> 10.0.0.1
>
> nixschummeln SchnellSchnellSchnell fuer $ext_if
>
> isnich lassfallen SchnellSchnellSchnell auf $ext_if von 192.168/16
> lass rein SchnellSchnellSchnell auf $ext_if Protokoll tcp nach \
> <Spinnennetzservierer> Hafen 80 Flaggen S/SA halte Status \
> Schild "wodieSeitenherkommen" Schlange http
> lass raus SchnellSchnellSchnell auf $ext_if Protokoll tcp nach wurscht \
> Hafen 22 Flaggen S/SA halte Status Schild "ssh-raus" \
> Schlange (ssh_bulk, ssh_prio)
>
> it's obviously so much better than what we have now, and we get rid of the
> last remnants of IPF. Rest in Peace.
>
> below is an early diff - the print-functions need to be updated, for example.
> have fun!
>
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/parse.y,v
> retrieving revision 1.343
> diff -u -r1.343 parse.y
> --- parse.y 19 Mar 2003 15:51:40 -0000 1.343
> +++ parse.y 1 Apr 2003 01:20:48 -0000
> @@ -3418,93 +3418,93 @@
> {
> /* this has to be sorted always */
> static const struct keywords keywords[] = {
> - { "all", ALL},
> - { "allow-opts", ALLOWOPTS},
> - { "altq", ALTQ},
> - { "anchor", ANCHOR},
> - { "antispoof", ANTISPOOF},
> - { "any", ANY},
> - { "bandwidth", BANDWIDTH},
> - { "binat", BINAT},
> - { "binat-anchor", BINATANCHOR},
> - { "bitmask", BITMASK},
> - { "block", BLOCK},
> - { "block-policy", BLOCKPOLICY},
> - { "borrow", BORROW},
> - { "cbq", CBQ},
> - { "code", CODE},
> - { "crop", FRAGCROP},
> - { "default", DEFAULT},
> - { "drop", DROP},
> - { "drop-ovl", FRAGDROP},
> - { "dup-to", DUPTO},
> - { "ecn", ECN},
> - { "fastroute", FASTROUTE},
> - { "file", FILENAME},
> - { "flags", FLAGS},
> - { "for", FOR},
> - { "fragment", FRAGMENT},
> - { "from", FROM},
> - { "group", GROUP},
> - { "icmp-type", ICMPTYPE},
> - { "icmp6-type", ICMP6TYPE},
> - { "in", IN},
> - { "inet", INET},
> - { "inet6", INET6},
> - { "keep", KEEP},
> - { "label", LABEL},
> - { "limit", LIMIT},
> - { "log", LOG},
> - { "log-all", LOGALL},
> - { "loginterface", LOGINTERFACE},
> - { "max", MAXIMUM},
> - { "max-mss", MAXMSS},
> - { "min-ttl", MINTTL},
> - { "modulate", MODULATE},
> - { "nat", NAT},
> - { "nat-anchor", NATANCHOR},
> - { "no", NO},
> - { "no-df", NODF},
> - { "no-route", NOROUTE},
> - { "on", ON},
> - { "optimization", OPTIMIZATION},
> - { "out", OUT},
> - { "pass", PASS},
> - { "port", PORT},
> - { "priority", PRIORITY},
> - { "priq", PRIQ},
> - { "proto", PROTO},
> - { "qlimit", QLIMIT},
> - { "queue", QUEUE},
> - { "quick", QUICK},
> - { "random", RANDOM},
> - { "random-id", RANDOMID},
> - { "rdr", RDR},
> - { "rdr-anchor", RDRANCHOR},
> - { "reassemble", FRAGNORM},
> - { "red", RED},
> - { "reply-to", REPLYTO},
> - { "require-order", REQUIREORDER},
> - { "return", RETURN},
> - { "return-icmp", RETURNICMP},
> - { "return-icmp6", RETURNICMP6},
> - { "return-rst", RETURNRST},
> - { "rio", RIO},
> - { "round-robin", ROUNDROBIN},
> - { "route-to", ROUTETO},
> - { "scrub", SCRUB},
> - { "set", SET},
> - { "source-hash", SOURCEHASH},
> - { "state", STATE},
> - { "static-port", STATICPORT},
> - { "table", TABLE},
> - { "tbrsize", TBRSIZE},
> - { "timeout", TIMEOUT},
> - { "to", TO},
> - { "tos", TOS},
> - { "ttl", TTL},
> - { "user", USER},
> - { "yes", YES},
> + { "AndereSchlangen", ALTQ},
> + { "Anker", ANCHOR},
> + { "Bandbreite", BANDWIDTH},
> + { "Benutzer", USER},
> + { "Datei", FILENAME},
> + { "Flaggen", FLAGS},
> + { "Gruppe", GROUP},
> + { "Hafen", PORT},
> + { "Klassen-basiertes-anstellen", CBQ},
> + { "Kode", CODE},
> + { "Optimierung", OPTIMIZATION},
> + { "Prioritaet", PRIORITY},
> + { "Protokoll", PROTO},
> + { "Schiesszurueck", RETURN},
> + { "Schiesszurueck-icmp", RETURNICMP},
> + { "Schiesszurueck-icmp6", RETURNICMP6},
> + { "Schiesszurueck-rst", RETURNRST},
> + { "Schild", LABEL},
> + { "Schlange", QUEUE},
> + { "SchnellSchnellSchnell", QUICK},
> + { "Schnellrouten", FASTROUTE},
> + { "Status", STATE},
> + { "Tabelle", TABLE},
> + { "alles", ALL},
> + { "antworte-nach", REPLYTO},
> + { "auf", ON},
> + { "bitmaske", BITMASK},
> + { "biuebersetzen", BINAT},
> + { "biuebersetzen-anker", BINATANCHOR},
> + { "crop", FRAGCROP},
> + { "dasAlteProtokoll", INET},
> + { "dasNeueProtokoll", INET6},
> + { "default", DEFAULT},
> + { "drop-ovl", FRAGDROP},
> + { "dup-to", DUPTO},
> + { "ecn", ECN},
> + { "erlaube-optionen", ALLOWOPTS},
> + { "erzwinge-Reihenfolge", REQUIREORDER},
> + { "fragment", FRAGMENT},
> + { "fuer", FOR},
> + { "halte", KEEP},
> + { "icmp-typ", ICMPTYPE},
> + { "icmp6-typ", ICMP6TYPE},
> + { "isnich", BLOCK},
> + { "isnich-Gesetz", BLOCKPOLICY},
> + { "ja", YES},
> + { "kein-df", NODF},
> + { "kein-weg", NOROUTE},
> + { "lass", PASS},
> + { "lassfallen", DROP},
> + { "leihen", BORROW},
> + { "limit", LIMIT},
> + { "log", LOG},
> + { "log-all", LOGALL},
> + { "loginterface", LOGINTERFACE},
> + { "mach", SET},
> + { "max", MAXIMUM},
> + { "max-mss", MAXMSS},
> + { "min-ttl", MINTTL},
> + { "moduliere", MODULATE},
> + { "nach", TO},
> + { "nixschummeln", ANTISPOOF},
> + { "noe", NO},
> + { "priq", PRIQ},
> + { "qlimit", QLIMIT},
> + { "raus", OUT},
> + { "reassemble", FRAGNORM},
> + { "rein", IN},
> + { "rio", RIO},
> + { "rot", RED},
> + { "runder-rudi", ROUNDROBIN},
> + { "scrub", SCRUB},
> + { "source-hash", SOURCEHASH},
> + { "static-port", STATICPORT},
> + { "tbrsize", TBRSIZE},
> + { "timeout", TIMEOUT},
> + { "tos", TOS},
> + { "ttl", TTL},
> + { "ueberzetz-anker", NATANCHOR},
> + { "ueberzetze", NAT},
> + { "umleite", RDR},
> + { "umleite-anker", RDRANCHOR},
> + { "von", FROM},
> + { "weg-nach", ROUTETO},
> + { "wurscht", ANY},
> + { "zufall", RANDOM},
> + { "zufalls-id", RANDOMID},
> };
> const struct keywords *p;
>
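Review bot: The comment above `keywords[]` still says only "this has to be sorted always", but the new table mixes capitalised and lower-case keywords, so the order that matters is byte order (everything from `AndereSchlangen` to `Tabelle` before `alles`), not dictionary order. The added entries are in that order as far as I can check, but anyone later inserting a capitalised keyword alphabetically would break it; presumably the lookup further down does a binary search with a byte-wise compare, which is outside this hunk. I would extend the comment to `/* this has to be sorted always, in strcmp() byte order: uppercase keywords sort before lowercase ones */`. Separately, `ueberzetze` and `ueberzetz-anker` are spelled with a `z` while `biuebersetzen` uses an `s`, and the anchor form drops the final `e` unlike `umleite-anker`; one consistent spelling would make rulesets less error-prone to write. The enclosing function's signature and the rest of its body lie outside the hunk.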
>