Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Packet Filter Changes Syntax Language

Posted by timothy on from the aber-selbstverstaendlich dept.

An anonymous reader writes "As seen on this article on the OpenBSDJournal, Henning, one of PF main contribuitors writes: 'After much discussion we made a hard decision: we will change pf syntax from English to German.' So, what are the implications of this? And why the change? Read on."

4 of 29 comments (clear)

  1. Does this mean by leviramsey · · Score: 3, Funny

    ...I'll have to say "Scheisse!" when I ficken up my firewall's configuration?

  2. Help me here... by Polo · · Score: 2, Funny


    But what would be the new syntax for filtering on the new ipv4 security bit?

    1. Re:Help me here... by ctucker · · Score: 3, Funny

      I understand that one of the big reasons for this change is that a lot of the German developers were dissatisfied with the "keep state" modifier. The new pf interrogates suspicious packets in an unspecified location on the motherboard, or maybe a foreign motherboard, where packets have fewer rights. In any case, for maximum security, change everything that says "keep state" to "Unterhaltpolizeizustand".

      --

      --
      My other computer is your IIS server.
    2. Re:Help me here... by almeida · · Score: 2, Informative

      Aha! Good question. The IPv4 security bit will not be implemented on OpenBSD because IPv4 support has been dropped. Todd Fries says, "It is too hard to get IPv4 addresses, we're switching to IPv6 tomorrow."

      (This post is a day late, of course, so just pretend it's still the 1st.)