Re: pf.conf parser/lint

2020-12-21 Thread Chris Bennett
On Mon, Dec 21, 2020 at 07:28:54PM -0800, Sean Kamath wrote: > > On Dec 21, 2020, at 14:24, Aham Brahmasmi wrote: > > For the defaults, I try to explicitly write some of them sometimes. I > > find this helpful because it is difficult for me to remember what the > > defaults are. However, I do

Re: pf.conf parser/lint

2020-12-21 Thread Sean Kamath
> On Dec 21, 2020, at 14:24, Aham Brahmasmi wrote: > For the defaults, I try to explicitly write some of them sometimes. I > find this helpful because it is difficult for me to remember what the > defaults are. However, I do understand that I run the risk of being > caught unawares if the

Re: pf.conf parser/lint

2020-12-21 Thread Aham Brahmasmi
Namaste Peter, Tusen takk for your reply. > Sent: Saturday, December 19, 2020 at 3:32 PM > From: "Peter Nicolai Mathias Hansteen" > To: "misc" > Subject: Re: pf.conf parser/lint > > > > > 19. des. 2020 kl. 14:50 skrev Aham Brahmasmi : > >

Re: pf.conf parser/lint

2020-12-19 Thread Peter Nicolai Mathias Hansteen
> 19. des. 2020 kl. 14:50 skrev Aham Brahmasmi : >>> >> >> Always put your interfaces into groups. Identify based upon the groups. > > In case there are more such simple rules of thumb, could you please > share them? I think that piece of advice is one of the more important ones you’re

Re: pf.conf parser/lint

2020-12-19 Thread Aham Brahmasmi
Namaste Theo, I apologize for reincarnating this thread. > Sent: Friday, September 04, 2020 at 5:33 PM > From: "Theo de Raadt" > To: "Tommy Nevtelen" > Cc: misc@openbsd.org > Subject: Re: pf.conf parser/lint > > Tommy Nevtelen wrote: > >

Re: pf.conf parser/lint

2020-09-04 Thread Daniel Ouellet
> We provide over FIVE ways to identify ports without using the hardware > driver names, but hey... this discussion is about the theory you can > check overall behaviour of a system by ignoring the important parts. I always put a description and group field in my hostname config so that it allow

Re: pf.conf parser/lint

2020-09-04 Thread Theo de Raadt
Tommy Nevtelen wrote: > On 04/09/2020 18.07, Brian Brombacher wrote: > > Well, let’s say a Linter doesn’t exist and you can’t invest time to make > > one. Do you have a lower environment, mirror-exact ideally, to run tests > > on the pre-receive hook? > > > > It’s an interesting issue you’re

Re: pf.conf parser/lint

2020-09-04 Thread Tommy Nevtelen
On 04/09/2020 18.07, Brian Brombacher wrote: Well, let’s say a Linter doesn’t exist and you can’t invest time to make one. Do you have a lower environment, mirror-exact ideally, to run tests on the pre-receive hook? It’s an interesting issue you’re trying to solve ;) I didn't say I can't

Re: pf.conf parser/lint

2020-09-04 Thread Brian Brombacher
> On Sep 4, 2020, at 12:03 PM, Tommy Nevtelen wrote: > > On 04/09/2020 17.40, Brian Brombacher wrote: On Sep 4, 2020, at 11:28 AM, Brian Brombacher wrote: >>> >>> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: Hi there misc! Is there an external pfctl

Re: pf.conf parser/lint

2020-09-04 Thread Theo de Raadt
Tommy Nevtelen wrote: > On 04/09/2020 17.24, Brian Brombacher wrote: > > > >> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: > >> > >> Hi there misc! > >> > >> Is there an external pfctl linter? we have bunch pf firewalls for which we > >> generate rules but also write some manual ones

Re: pf.conf parser/lint

2020-09-04 Thread Tommy Nevtelen
On 04/09/2020 17.40, Brian Brombacher wrote: On Sep 4, 2020, at 11:28 AM, Brian Brombacher wrote: On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: Hi there misc! Is there an external pfctl linter? we have bunch pf firewalls for which we generate rules but also write some manual ones

Re: pf.conf parser/lint

2020-09-04 Thread Tommy Nevtelen
On 04/09/2020 17.24, Brian Brombacher wrote: On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: Hi there misc! Is there an external pfctl linter? we have bunch pf firewalls for which we generate rules but also write some manual ones that get merged. Would be nice if we could lint the

Re: pf.conf parser/lint

2020-09-04 Thread Brian Brombacher
> On Sep 4, 2020, at 11:28 AM, Brian Brombacher wrote: > >  > >> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: >> >> Hi there misc! >> >> Is there an external pfctl linter? we have bunch pf firewalls for which we >> generate rules but also write some manual ones that get merged.

Re: pf.conf parser/lint

2020-09-04 Thread Brian Brombacher
> On Sep 4, 2020, at 10:51 AM, Tommy Nevtelen wrote: > > Hi there misc! > > Is there an external pfctl linter? we have bunch pf firewalls for which we > generate rules but also write some manual ones that get merged. Would be nice > if we could lint the rules before committed to vcs.. (yes

Re: pf.conf parser/lint

2020-09-04 Thread Sven F.
On Fri, Sep 4, 2020 at 10:51 AM Tommy Nevtelen wrote: > > Hi there misc! > > Is there an external pfctl linter? we have bunch pf firewalls for which > we generate rules but also write some manual ones that get merged. Would > be nice if we could lint the rules before committed to vcs.. (yes we >