Quantcast

version of OpenBSD and PF

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

version of OpenBSD and PF

Mohsen Pahlevanzadeh
Dear All,

As you know, version of PF related of openbsd's release, And since of of
a specific version of OpenBSD, PF syntax has been rewritten. i have two
question :
1. What's the given openbsd version?
2. hwo can i retrive the given openbsd and pf version?

Why i asked same question?  i'm writing article about PF and i explain
version and synyax error.

--Regards
Mohsen
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: version of OpenBSD and PF

Stuart Henderson-6
On 2015/03/23 08:07, Mohsen Pahlevanzadeh wrote:

> Dear All,
>
> As you know, version of PF related of openbsd's release, And since of of a
> specific version of OpenBSD, PF syntax has been rewritten. i have two
> question :
> 1. What's the given openbsd version?
> 2. hwo can i retrive the given openbsd and pf version?
>
> Why i asked same question?  i'm writing article about PF and i explain
> version and synyax error.
>
> --Regards
> Mohsen

If I understand your questions correctly:

This change took place in 2009, the first OpenBSD release with the
new syntax was 4.7, so the last release with old syntax was 4.6.

You can retrieve old versions from http://ftp.eu.openbsd.org/pub/OpenBSD/

I don't recommend running a 5-year-old version of OpenBSD, numerous bugs
have been fixed since then.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: version of OpenBSD and PF

Peter N. M. Hansteen-3
In reply to this post by Mohsen Pahlevanzadeh
Mohsen Pahlevanzadeh <[hidden email]> writes:

> As you know, version of PF related of openbsd's release, And since of
> of a specific version of OpenBSD, PF syntax has been rewritten. i have
> two question :
> 1. What's the given openbsd version?

Depending on how you count, there were either two or three flag day
changes (or actually more when I think back, but perhaps not
immediately obious syntax-wise)

1) 'keep state' becoming the default in OpenBSD 4.1 -- but everybody's
   forgotten about that one, mainly because FreeBSD and NetBSD back then
   adopted the change relatively quickly

2) the NAT rewrite and syntax change (nat-to, rdr-to etc) in 4.7 --
   old rule sets will break, in almost all cases easily fixable, and
   the new syntax is lots more flexible anyway (and the reason The
   Book of PF needed a second edition)

3) the introduction of new queueing system in 5.5 - again an
   opportunity to make the rulse more readable and offering more
   flexibility, at the cost of at least some (mostly quite easy)
   conversion. (and the reason there is a third edition of that book)

There have been several other significant changes over the years,
including a fairly complete rewrite of the logging code and various
bits and pieces.

My tutorial slides has a partial list of significant developments
starting at http://home.nuug.no/~peter/pf/newest/design-evolution.html
but it's not exhaustive.

> 2. hwo can i retrive the given openbsd and pf version?
>
> Why i asked same question?  i'm writing article about PF and i explain
> version and synyax error.

OpenBSD officially supports the two most recent releases, and
essentially all development work happens on -current, with the bits
that get done in time to be included in the next release. At this
moment the oldest supported release is 5.5, which is the last to
include both the old ALTQ code and the new queueing system. Running
older, unsupported versions is not recommended.

If you're writing an article on PF, consider keeping things simple for
yourself and focus on OpenBSD exclusively. Otherwise you'll end up
compensating for and explaining the fact that the others (NetBSD,
FreeBSD, Apple) have let their PF code fossilize at various oddly
chosen points in time that don't make much sense at all for newcomers.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: version of OpenBSD and PF

Mohsen Pahlevanzadeh


On 03/23/2015 09:58 PM, Peter N. M. Hansteen wrote:

> Mohsen Pahlevanzadeh <[hidden email]> writes:
>
>> As you know, version of PF related of openbsd's release, And since of
>> of a specific version of OpenBSD, PF syntax has been rewritten. i have
>> two question :
>> 1. What's the given openbsd version?
> Depending on how you count, there were either two or three flag day
> changes (or actually more when I think back, but perhaps not
> immediately obious syntax-wise)
>
> 1) 'keep state' becoming the default in OpenBSD 4.1 -- but everybody's
>     forgotten about that one, mainly because FreeBSD and NetBSD back then
>     adopted the change relatively quickly
>
> 2) the NAT rewrite and syntax change (nat-to, rdr-to etc) in 4.7 --
>     old rule sets will break, in almost all cases easily fixable, and
>     the new syntax is lots more flexible anyway (and the reason The
>     Book of PF needed a second edition)
>
> 3) the introduction of new queueing system in 5.5 - again an
>     opportunity to make the rulse more readable and offering more
>     flexibility, at the cost of at least some (mostly quite easy)
>     conversion. (and the reason there is a third edition of that book)
>
> There have been several other significant changes over the years,
> including a fairly complete rewrite of the logging code and various
> bits and pieces.
>
> My tutorial slides has a partial list of significant developments
> starting at http://home.nuug.no/~peter/pf/newest/design-evolution.html
> but it's not exhaustive.
>
>> 2. hwo can i retrive the given openbsd and pf version?
>>
>> Why i asked same question?  i'm writing article about PF and i explain
>> version and synyax error.
> OpenBSD officially supports the two most recent releases, and
> essentially all development work happens on -current, with the bits
> that get done in time to be included in the next release. At this
> moment the oldest supported release is 5.5, which is the last to
> include both the old ALTQ code and the new queueing system. Running
> older, unsupported versions is not recommended.
Unfortunately ,I couldn't explain my purpose, Of course, OpenBSD.org  
show it,  I use FreeBSD , I  need to find out my pf is related to which
release of openbsd...via some grep in /usr/src or etc ....
> If you're writing an article on PF, consider keeping things simple for
> yourself and focus on OpenBSD exclusively. Otherwise you'll end up
> compensating for and explaining the fact that the others (NetBSD,
> FreeBSD, Apple) have let their PF code fossilize at various oddly
> chosen points in time that don't make much sense at all for newcomers.
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: version of OpenBSD and PF

miniupnp
Le 23/03/2015 18:08, Mohsen Pahlevanzadeh a écrit :

>
> On 03/23/2015 09:58 PM, Peter N. M. Hansteen wrote:
>> Mohsen Pahlevanzadeh <[hidden email]> writes:
>>
>>> As you know, version of PF related of openbsd's release, And since of
>>> of a specific version of OpenBSD, PF syntax has been rewritten. i have
>>> two question :
>>> 1. What's the given openbsd version?
>> Depending on how you count, there were either two or three flag day
>> changes (or actually more when I think back, but perhaps not
>> immediately obious syntax-wise)
>>
>> 1) 'keep state' becoming the default in OpenBSD 4.1 -- but everybody's
>>     forgotten about that one, mainly because FreeBSD and NetBSD back
>> then
>>     adopted the change relatively quickly
>>
>> 2) the NAT rewrite and syntax change (nat-to, rdr-to etc) in 4.7 --
>>     old rule sets will break, in almost all cases easily fixable, and
>>     the new syntax is lots more flexible anyway (and the reason The
>>     Book of PF needed a second edition)
>>
>> 3) the introduction of new queueing system in 5.5 - again an
>>     opportunity to make the rulse more readable and offering more
>>     flexibility, at the cost of at least some (mostly quite easy)
>>     conversion. (and the reason there is a third edition of that book)
>>
>> There have been several other significant changes over the years,
>> including a fairly complete rewrite of the logging code and various
>> bits and pieces.
>>
>> My tutorial slides has a partial list of significant developments
>> starting at http://home.nuug.no/~peter/pf/newest/design-evolution.html
>> but it's not exhaustive.
>>
>>> 2. hwo can i retrive the given openbsd and pf version?
>>>
>>> Why i asked same question?  i'm writing article about PF and i explain
>>> version and synyax error.
>> OpenBSD officially supports the two most recent releases, and
>> essentially all development work happens on -current, with the bits
>> that get done in time to be included in the next release. At this
>> moment the oldest supported release is 5.5, which is the last to
>> include both the old ALTQ code and the new queueing system. Running
>> older, unsupported versions is not recommended.
> Unfortunately ,I couldn't explain my purpose, Of course, OpenBSD.org
> show it,  I use FreeBSD , I  need to find out my pf is related to
> which release of openbsd...via some grep in /usr/src or etc ....
>> If you're writing an article on PF, consider keeping things simple for
>> yourself and focus on OpenBSD exclusively. Otherwise you'll end up
>> compensating for and explaining the fact that the others (NetBSD,
>> FreeBSD, Apple) have let their PF code fossilize at various oddly
>> chosen points in time that don't make much sense at all for newcomers.
>>
Maybe this can help you :
https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/genconfig.sh#L96


Loading...