docs/167056: ERROR Handbook 9.0, firewall section, PF from OpenBSD 4.5

Mark Linimon linimon at lonesome.com
Sat Apr 21 05:50:09 UTC 2012 

The following reply was made to PR docs/167056; it has been noted by GNATS.

From: Mark Linimon <linimon at lonesome.com>
To: bug-followup at FreeBSD.org
Cc:  
Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from
 OpenBSD 4.5
Date: Sat, 21 Apr 2012 00:46:15 -0500

 ----- Forwarded message from John Ferrell <jdferrell3 at gmail.com> -----
 
 Date: Fri, 20 Apr 2012 23:09:40 -0400
 From: John Ferrell <jdferrell3 at gmail.com>
 To: freebsd-doc at freebsd.org
 Subject: Re: docs/167056: ERROR Handbook 9.0, firewall section, PF from
 	OpenBSD 4.5
 
 I am the John Ferrell that Joe is refering to.  As Remko noted, the patch
 I submitted did not remove any rules--there were no example rules in the 
 document at the time.  The patch was commited in May 2008.
 
 I suspect that when the rules were removed from the handbook it was because 
 the sample rules included with FreeBSD (/usr/share/examples/pf) and the man 
 pages cover many different scenarios.  
  
 >  All that was needed was an additional statement in the FreeBSD =
 >  handbook security/PF section saying =84FreeBSD 9.0 is running a outdated =
 >  version of PF [4.5], at PF version [4.7] the syntax of the NAT and =
 >  ftp-proxy rule changed. The reader should keep in mind the below links =
 >  reference the OpenBSD 5.0 version of PF, but the sample PF rules shown =
 >  below do match the version of PF [4.5] included with FreeBSD 9.0. Then =
 >  add a comment to the NAT rule in the sample rules saying this is the =
 >  syntax for NAT usage in versions earlier than version 4.7 and then have =
 >  the new NAT rule with comment for version 4.7 and newer. Them when =
 >  FreeBSD finally updates to the current version of OpenBSD PF ie:5.0 or =
 >  5.1 the links in the FreeBSD handbook would automatically become =
 >  meaningful.=20
 
 I agree, it should be made more clear that OpenBSD's PF syntax differs from
 that of FreeBSD's.  If no one is working on this I'll be glad to submit a 
 patch.
 
 John
 
 ----- End forwarded message -----

More information about the freebsd-doc mailing list