Re: How to find out which version of PF a given box is using...
On 21/09/2011 09:17, krad wrote: > If its been syncd to openbsd 4.5 version of pf, its still quite a way behind > openbsd's version in the latest release as they are not on 4.9 with 5.0 > imminent. Looking at the docs there were quite a lot of changes when openbsd > was bumped to 4.7 Yes. However I believe this does solve the incompatibility between PF and vimage, which is fantastic. There's been a lot of work gone into FreeBSD network stack to add capabilities that OpenBSD simply doesn't have -- mostly to do with fine-grained locking, multiprocessing support and virtualization -- all of which makes the importing process pretty non-trivial. Cheers, Matthew PS. Mac OS X Lion now uses PF for firewalling too. Apparently it's even older than the PF in FreeBSD: http://quigon.bsws.de/papers/2011/pf10yrs/mgp00078.html -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: How to find out which version of PF a given box is using...
On 21 September 2011 09:05, Matthew Seaman wrote: > On 21/09/2011 08:34, Matthew Seaman wrote: > > On 21/09/2011 07:34, Modulok wrote: > >> Is there an easy way to find out what version of PF a given FreeBSD > version is > >> using? Currently I'm doing this: > >> > >> grep -iE '\bpf\b' /usr/src/UPDATING > >> > >> Just wondering if I'm missing something. I didn't see any '--version' > >> flag in pfctl. > > > > Uh -- bpf is a different thing to PF. bpf is Berkeley Packet Filter > > which isn't anything to do with firewalling, but used eg. by tcpdump to > > select certain packets from the wire. As far as I know, bpf doesn't > > have a separate version number; it just uses the OS version number. > > It's been part of BSD Unices since dinosaurs roamed the earth. > > One of these days I'll learn not to send e-mail before coffee. Please > ignore the above -- red herring. > > > PF is the firewalling code imported from OpenBSD. Again, it's part of > > the base system in OpenBSD so it just uses the OpenBSD version number. > > Every so often there will be a new import from OpenBSD -- I believe most > > released versions of FreeBSD are using PF from OpenBSD 4.2, but there is > > an update to OpenBSD 4.mumble in the works for the upcoming FreeBSD 9.0 > > release. You'ld have to check the commit history in CVS or SVN to be > sure. > > In fact, the last import listed as such in the CVS history was from > OpenBSD 4.1 but that was around 2007 when FreeBSD was on version 6.x -- > long time ago. There's been plenty of updates since (which, IIRC, made > the FreeBSD code pretty much equivalent to what is in OpenBSD 4.2), but > no wholesale reimport until about 2 months ago, when OpenBSD 4.5 code > was imported into head. > > http://svnweb.freebsd.org/base?view=revision&revision=223637 > > AFAIK, that is not a candidate for MFC to stable/8 or earlier, as it > modifies KBIs. > >Cheers, > >Matthew > > -- > Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard > Flat 3 > PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate > JID: matt...@infracaninophile.co.uk Kent, CT11 9PW > > If its been syncd to openbsd 4.5 version of pf, its still quite a way behind openbsd's version in the latest release as they are not on 4.9 with 5.0 imminent. Looking at the docs there were quite a lot of changes when openbsd was bumped to 4.7 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: How to find out which version of PF a given box is using...
On 21/09/2011 08:34, Matthew Seaman wrote: > On 21/09/2011 07:34, Modulok wrote: >> Is there an easy way to find out what version of PF a given FreeBSD version >> is >> using? Currently I'm doing this: >> >> grep -iE '\bpf\b' /usr/src/UPDATING >> >> Just wondering if I'm missing something. I didn't see any '--version' >> flag in pfctl. > > Uh -- bpf is a different thing to PF. bpf is Berkeley Packet Filter > which isn't anything to do with firewalling, but used eg. by tcpdump to > select certain packets from the wire. As far as I know, bpf doesn't > have a separate version number; it just uses the OS version number. > It's been part of BSD Unices since dinosaurs roamed the earth. One of these days I'll learn not to send e-mail before coffee. Please ignore the above -- red herring. > PF is the firewalling code imported from OpenBSD. Again, it's part of > the base system in OpenBSD so it just uses the OpenBSD version number. > Every so often there will be a new import from OpenBSD -- I believe most > released versions of FreeBSD are using PF from OpenBSD 4.2, but there is > an update to OpenBSD 4.mumble in the works for the upcoming FreeBSD 9.0 > release. You'ld have to check the commit history in CVS or SVN to be sure. In fact, the last import listed as such in the CVS history was from OpenBSD 4.1 but that was around 2007 when FreeBSD was on version 6.x -- long time ago. There's been plenty of updates since (which, IIRC, made the FreeBSD code pretty much equivalent to what is in OpenBSD 4.2), but no wholesale reimport until about 2 months ago, when OpenBSD 4.5 code was imported into head. http://svnweb.freebsd.org/base?view=revision&revision=223637 AFAIK, that is not a candidate for MFC to stable/8 or earlier, as it modifies KBIs. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: How to find out which version of PF a given box is using...
On 21/09/2011 07:34, Modulok wrote: > Is there an easy way to find out what version of PF a given FreeBSD version is > using? Currently I'm doing this: > > grep -iE '\bpf\b' /usr/src/UPDATING > > Just wondering if I'm missing something. I didn't see any '--version' > flag in pfctl. Uh -- bpf is a different thing to PF. bpf is Berkeley Packet Filter which isn't anything to do with firewalling, but used eg. by tcpdump to select certain packets from the wire. As far as I know, bpf doesn't have a separate version number; it just uses the OS version number. It's been part of BSD Unices since dinosaurs roamed the earth. PF is the firewalling code imported from OpenBSD. Again, it's part of the base system in OpenBSD so it just uses the OpenBSD version number. Every so often there will be a new import from OpenBSD -- I believe most released versions of FreeBSD are using PF from OpenBSD 4.2, but there is an update to OpenBSD 4.mumble in the works for the upcoming FreeBSD 9.0 release. You'ld have to check the commit history in CVS or SVN to be sure. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
How to find out which version of PF a given box is using...
List, Is there an easy way to find out what version of PF a given FreeBSD version is using? Currently I'm doing this: grep -iE '\bpf\b' /usr/src/UPDATING Just wondering if I'm missing something. I didn't see any '--version' flag in pfctl. -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"