On Apr 13, 2013, at 11:43 AM, Rui Paulo <rpaulo_at_FreeBSD.org> wrote: > On 2013/04/13, at 5:03, Scott Long <scottl_at_samsco.org> wrote: >> You target audience for this isn't people who track CURRENT, it's people who are on 7, 8, or 9 and looking to update to 10.x sometime in the future. > > Yes, I'm aware of that, but the problem remains. If ipfilter is broken or gets broken because of the networking stack changes, we'll have to fix it to keep the deprecation path going... > Welcome to the challenges of maintaining a whole OS :-) >>>> So with that said, would it be possible to write some tutorials on how to migrate an ipfilter installation to pf? Maybe some mechanical syntax docs accompanied by a few case studies? Is it possible for a script to automate some of the common mechanical changes? Also essential is a clear document on what goes away with ipfilter and what is gained with pf. Once those tools are written, I suggest announcing that ipfilter is available but deprecated/unsupported in FreeBSD 10, and will be removed from FreeBSD 11. Certain people will still pitch a fit about it departing, but if the tools are there to help the common users, you'll be successful in winning mindshare and general support. >>> >>> >>> It's not very difficult to switch an ipf.conf/ipnat.conf to a pf.conf, but I'm not sure automated tools exist. I'm also not convinced we need to write them and I think the issue can be deal with by writing a bunch of examples on how to do it manually. Then we can give people 1y to switch. >> >> Please believe me that no matter how trivial you think the switch is, a migration guide still needs to be written. > > > A migration *guide*, yes. Tools to convert one syntax to another: no. > Ok, so in response to this and to Glebs email, lets rephrase the call for help into a call for someone with ipfilter experience to help write a migration guide. Like I said, this isn't about migrating from 10-current to 10-current prime, it about migrating from 7/8/9 where up ipfilter does work. Maybe look for old openbsd docs and mailing list items from when they did their forced migration. Maybe fish for help by announcing the deprecation and removal schedule and hook whomever complains into helping instead. Maybe something else, but whatever it is, it should be done. If you and Gleb don't want to do this, I will. ScottReceived on Sat Apr 13 2013 - 21:01:31 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:36 UTC