Why the old version of pf?

Max Laier max at love2party.net
Mon Aug 11 15:18:54 UTC 2008


On Monday 11 August 2008 14:59:46 Redd Vinylene wrote:
> Just curious why FreeBSD 7 has to use an old version of pf? There's
> been so many improvements!

It's a mixed bag, I'd say.  I'm pondering an update to 4.3, but haven't found 
the time yet.  And now 4.4 is in sight already and has a lot more stuff ... 
though there seem to be some problems with some of the new stuff ...

Right now, the simple answer is just: It hasn't been done.

>                            I'd very much like to use the new IP range
> feature for instance, so I can reduce
>
> box = "{ 80.252.2.4, 80.252.2.5, 80.252.2.6, 80.252.2.7, 80.252.2.8,
> ...
> 80.252.2.124, 80.252.2.125, 80.252.2.126, 80.252.2.127 }"
>
> to
>
> box = "{ 80.252.2.4 - 80.252.2.127 }"

Now, if that's your only problem I suggest that you read about netmasks and 
write the above as either

table <box> { 80.252.2.0/25, !80.252.2.3/30 }

or

box = "{ 80.252.2.64/26, 80.252.2.32/27, 80.252.2.16/28, \
          80.252.2.8/29, 80.252.2.4/30 }"

as Nejc suggested.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
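
The netmask rewrite suggested above can be derived and checked mechanically. The following is an added example, not part of the original message: it generalizes to any inclusive IPv4 range and checks that both forms from the thread cover exactly 80.252.2.4 through 80.252.2.127. The function names are hypothetical, and the table check assumes pf's most-specific-entry matching with host bits masked off, so `!80.252.2.3/30` is treated as `!80.252.2.0/30`.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the minimal list of CIDR blocks."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    blocks = []
    while lo <= hi:
        # Largest power-of-two block that is aligned at lo ...
        size = lo & -lo if lo else 1 << 32
        # ... shrunk until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        # size == 2**k, so the prefix length is 32 - k.
        blocks.append(ipaddress.IPv4Network((lo, 33 - size.bit_length())))
        lo += size
    return blocks

def table_matches(entries, addr):
    """Table lookup: the most specific matching entry decides, '!' negates.
    Assumption: host bits are masked (strict=False)."""
    best = None
    for entry in entries:
        net = ipaddress.IPv4Network(entry.lstrip("!"), strict=False)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, not entry.startswith("!"))
    return bool(best and best[1])

def table_coverage(entries, universe):
    """Every address inside `universe` that the table matches."""
    return {a for a in ipaddress.IPv4Network(universe)
            if table_matches(entries, a)}

# The two forms quoted in the thread.
MACRO = ["80.252.2.64/26", "80.252.2.32/27", "80.252.2.16/28",
         "80.252.2.8/29", "80.252.2.4/30"]
TABLE = ["80.252.2.0/25", "!80.252.2.3/30"]

if __name__ == "__main__":
    blocks = range_to_cidrs("80.252.2.4", "80.252.2.127")
    print('box = "{ ' + ", ".join(str(b) for b in blocks) + ' }"')
    covered = sorted(table_coverage(TABLE, "80.252.2.0/24"))
    print("table covers", covered[0], "-", covered[-1], f"({len(covered)} addresses)")
```

Running the same check before loading a ruleset catches a block list that leaves out, or additionally admits, a few addresses at either end of the intended range.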

