On Tue, Nov 20, 2012 at 11:43:04AM +0100, Olivier Smedts wrote: > 2012/11/20 Paul Webster <paul.g.webster_at_googlemail.com>: > > I am aware this is a much discussed subject since the upgrade of PF, I > > believe the final decision was that to many users are used to the old > > style pf and an upgrade to the new syntax would cause to much confusion. > > But a change like this is expected in a new major branch, ie. > 10-CURRENT. Not so in -STABLE branches of course. I don't see the > problem here. So you don't expect people to upgrade boxes in place? I also guess you've never been 5,000 miles away from a box and typo'd something in the firewall and locked yourself out. The think how tons of FreeBSD users would feel if the default pf syntax was changed to be incompatible and they find themselves in a similar situation after an upgrade. Defaulting to open, while it could solve the problem (although I would suspect there could be edge cases where it doesn't), could be bad for other reasons. The other question that I haven't seen answered (or maybe even asked), but is relevant: what do we gain by going to a later version of pf? I.e. as an administrator, what benefit do I get by having to expend effort converting my filter rules? GaryReceived on Tue Nov 20 2012 - 11:13:40 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:32 UTC