2012/11/20 Gary Palmer <gpalmer_at_freebsd.org>:
> On Tue, Nov 20, 2012 at 11:43:04AM +0100, Olivier Smedts wrote:
>> 2012/11/20 Paul Webster <paul.g.webster_at_googlemail.com>:
>> > I am aware this is a much discussed subject since the upgrade of PF, I
>> > believe the final decision was that too many users are used to the old
>> > style pf and an upgrade to the new syntax would cause too much confusion.
>>
>> But a change like this is expected in a new major branch, i.e.
>> 10-CURRENT. Not so in -STABLE branches of course. I don't see the
>> problem here.
>
> So you don't expect people to upgrade boxes in place?

I expect that before upgrading to a *major* version you should read an
updating or "what's changed" documentation.

> I also guess you've never been 5,000 miles away from a box and typo'd something
> in the firewall and locked yourself out. Then think how tons of FreeBSD
> users would feel if the default pf syntax was changed to be incompatible and
> they find themselves in a similar situation after an upgrade. Defaulting to
> open, while it could solve the problem (although I would suspect there could
> be edge cases where it doesn't), could be bad for other reasons.

This already happened to me but, no, not during a major upgrade
because I won't do this kind of work without at least someone on-site.

> The other question that I haven't seen answered (or maybe even asked), but
> is relevant: what do we gain by going to a later version of pf? I.e. as an
> administrator, what benefit do I get by having to expend effort converting
> my filter rules?
>
> Gary

At some time we'll surely *have* to upgrade our pf, because the legacy
version won't be supported upstream. I say that a major release is the
most appropriate place for such a change.

Another question: how did OpenBSD manage this change?

Cheers

-- 
Olivier Smedts                                                 _
                                        ASCII ribbon campaign ( )
e-mail: olivier_at_gid0.org        - against HTML email & vCards  X
www: http://www.gid0.org    - against proprietary attachments / \

  "There are only 10 kinds of people in the world:
  those who understand binary,
  and those who don't."

Received on Tue Nov 20 2012 - 11:24:58 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:32 UTC