Contributed by jose on from the assistance dept.
"There's been quite a few neat features added to PF recently, but there's no good documentation that says what these commands do and how to use them. The HOWTO (http://www.inebriated.demon.nl/pf-howto) hasn't been updated in almost a year, and the OpenBSD FAQ (http://www.openbsd.org/faq/faq6.html#6.2) covers just the basics. There was recently a call for testers in PF and ALTQ as well as documenters for the new features. 3.3 is coming up very soon, so someone should step up and contribute some documentation. Will it be you? Anybody have a good reference for all the new bells and whistles in PF?"
By Anonymous Coward () on
BTW, when is 3.3 due, roughly?
By nathan milford () on
By Anonymous Coward () on
By sickofthesameoldquestions () on
By Anonymous Coward () on
By Anonymous Coward () on
By Noob () on
I do really enjoy all the work put into online OpenBSD documentation though too. I think it's the best I've seen. Good Job!
By Anonymous Coward () on
By James () on
By Anonymous Coward () on
By Justin () on
By Anonymous Coward () on
Most other (good) sysadmins I know also code. Some people know how to help themselves while others need/want to have their hand held and be spoon-fed.
By Anonymous Coward () on
not only is it your opinion, but it's also recommended by SAGE that a necessary requirement for senior system administrators is the "Ability to program in an administrative language (Tk, Perl, VBScript, a shell), to port C programs from one platform to another, and to write small C or C# programs."
source: http://sageweb.sage.org/resources/publications/8_jobs/core.html
By Jeffrey () on
Looks like I'm halfway there! Yay!
... and C is getting easier all the time ...
I figure if I don't learn something (whatever that something might be) each and every day then that day has been mostly wasted.
By Anonymous Coward () on
By waldo () waldo@iastate.edu on mailto:waldo@iastate.edu
as i mentioned in my post, the docs cover only the basics. i want information on the newer/more advanced commands.
> and source isn't too bad either..
i've looked at the source and didn't see anything useful. which file, exactly?
and on an off-topic note, i love OpenBSD, i think it's a great operating system, but i can /not/ stand the attitude of many of its users. Maybe it's rubbed off from Mr. DeRaadt, but flaming anybody that asks a question (on any topic, not just this one) is NOT a way to encourage anyone to use the OS you clearly think is so neato, or increase the general pleasantness of the human population. it annoys me. knock it off. you are not (surprising, i know) holier than everybody else. come down off the pedestal. it's kinda fun down here.
By A. Friend () on
By jolan () on
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
A couple of pointers:
1) The FAQ tracks -stable. Don't expect anything there on upcoming features.
2) If you want to know what's new in pf, read:
http://www.openbsd.org/plus.html
3) Don't expect other sources to document stuff implemented in -current. Things change very rapidly. There's little point in documenting something that could be removed or changed dramatically the next day.
As for the attitude stuff, I thought your question could have been answered with a little more effort on your part. It would seem other people did too, although they couldn't express it as eloquently.
By Anonymous Coward () on
Let's not forget reading or searching the man pages, which doesn't seem to happen as often as it should.
We need to encourage people to RTFM.
Why:
1) You will find the answer faster
2) You will not waste anyone else's time
3) You might learn something new in the process
4) You might find a problem with the documentation, which you can report to improve the system for everyone
5) The mailing list traffic will be reduced and consist of more interesting and original questions
6) All this can only lead to becoming a more efficient system administrator.
By kremlyn () on
//kremlyn
By Lars Hansson () on
By Wu () wu@interlogical.com on mailto:wu@interlogical.com
In my opinion, the problem is those people who want their problem to have been solved before; they think it is better (and of course easy) to copy configurations from other people instead of making their own...
pf is amazing, but of course, you need to learn how to use it. To copy other people's configs is not the way (as I have said, that's my opinion).
By Wu () wu@interlogical.com on mailto:wu@interlogical.com
By Anonymous Coward () on
Why:
[ lots of great reasons ]
plus, if you read the manpages/FAQ you'll be getting the information from official sources. what if malevolent users tell newbies: "why yes, just add 'pass in quick all' at the top and it will solve all your problems" ? The same applies to uninformed users who think they know the answer.
also the official sources are continually picked through for exactness. my reply, sent out while at work in the middle of 20 other things going on, might not be as accurate or well-worded as the FAQ/manpage. some of us tell ppl RTFM not b/c our cock is bigger than yours, but b/c we recognize we won't be able to explain any better than the faq/manpage already does.
By Anonymous Coward () on
In no relation to the OpenBSD newsgroup, there is a guy in the bbq newsgroup that posts the same message every couple of weeks. The message is "where to find the bbq faq" and it points newbies to the reference.
Perhaps I'll do this. A few links to some well known places to find OpenBSD information. Google will let you know of pages with the content you are looking for, but doesn't address the quality of it. Newbie-madness at the newsgroup may be frustrating, but that is not the intention of the poster.
By Anonymous Coward () on
By Anonymous Coward () on
there are a lot of obsd people who reply to a question with "why would you want to do that, do it my way it's better, or rtfa" why bother posting a reply if you're not going to help in any way?
By Lars Hansson () on
The fact that you asked it one more time clearly shows you probably didn't even try to find the answer by yourself.
By Anonymous Coward () on
> You have the source.
> by Anonymous Coward on Thursday, January 30
> @03:23AM
> Read it.
Oh yeah, that's right. Let's skip all the man pages, they are only a waste of space (and time) anyways. All examples, and other documentation can be deleted as well.
Sorry, but I agree - judging from some answers (like this one) I guess the average OpenBSD user's age is almost thirteen.
By James () on
By Jeffrey () on
Maybe if anonymous postings here were not possible there would be less garbage showing up ;)
By Anonymous Coward () on
By Anonymous Coward () on
Well, you could carry that suggestion for all of OpenBSD, and conclude that there needs to be no man pages or other documentation because anyone can (and should) read the source.
Fortunately, the people who contribute to the project have a more enlightened viewpoint, and create some of the best and thorough OS documentation around.
All that this thread asks is that the pf documentation catch up with the pf enhancements.
By Anonymous Coward () on
By Anonymous Coward () on
http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/pf.conf.5
By Anonymous Coward () on
By Anonymous Coward () on
The man pages have excellent, up-to-date information.
http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
A couple of pointers:
1) The FAQ tracks -stable. Don't expect anything there on upcoming features.
2) If you want to know what's new in pf, read:
http://www.openbsd.org/plus.html
3) Don't expect other sources to document stuff implemented in -current. Things change very rapidly. There's little point in documenting something that could be removed or changed dramatically the next day.
As for the attitude stuff, I thought your question could have been answered with a little more effort on your part. It would seem other people did too, although they couldn't express it as eloquently.
By jose () on http://www.monkey.org/~jose/
also, docs assist people in testing stuff. that's always good.
By waldo () waldo@iastate.edu on mailto:waldo@iastate.edu
however, to those of you that tell me to read the code and google for it, i've tried both, and not met with much success. since you are clearly superior to me (i'm just a n00b after all), where in the code should i be looking? what's the proper google query? you're so good it ought not take you any more time than the time you spent making your asinine RTFM posts.
By Jim () on
Anybody know a good ALTQ tutorial? Or does anyone know what queuing strategy I should be using? If I knew which strategy to use, I can probably figure it out from there.
By qalt () on
interface de0 bandwidth 100M wfq hash full
and you have lots of time to read rest of manual, and update your config as necessary
By Jim () on
By qalt () on
By Anonymous Coward () on
Are you saying that I can't throttle upstream and downstream separately using ALTQ?
By Anonymous Coward () on
By Anonymous Coward () on
http://lartc.org/wondershaper/
works very well in linux for throttling upstream and downstream independently.
Because of the nature of ADSL, when a download or upload that maxes out the bandwidth happens, it severely hurts latencies on all connections over that link.
When the link is throttled to not allow the maxing out of either the upstream or downstream connection, the ADSL modem does not spend seconds at a time on one upstream or downstream transfer, and this allows good interactivity on ssh and telnet connections.
Since I use OpenBSD for my home router/gateway/internet server, I use the throttling mechanism in ProFTPD, and recommend that my friends use my ftp server for downloading from me.
If people decide to use scp for transferring files, however, it will max out my upstream (at 16 KB/s), and my latencies will be horrible for ssh, web browsing, and a number of other things. Similarly, if I am doing a huge download that maxes out my downstream (at 150 KB/s), people sshing to my box will have terrible latencies, waiting up to a few seconds for what they type to appear.
It seems to me that if proftpd can throttle upstream and downstream separately in userland, then there shouldn't be a problem in throttling it with ALTQ....
So I ask again, how do I do this in OpenBSD? If ALTQ can't do it, is there something else that can?
By Anonymous Coward () on
http://www.pureftpd.org/FAQ
wouldn't 'FTP over SSH' fix a part of the problem? Might work with ProFTPd, too
By qalt () on
In the meantime you can use your ftp server to limit input rate (proftpd does its job just fine), you may protect your upstream only with altq
By Anonymous Coward () on
By Anonymous Coward () on
by SolarfluX (solarflux@bsdvault.net) on Friday, January 31 @10:16AM
http://bsdvault.net
http://docs.bsdaemon.be/docs/security/openbsd-pf.txt
By Anonymous Coward () on
interface ep0 outgoing-bandwidth 1.5M wfq
interface ep0 incoming-bandwidth 250K wfq
Is something like this possible using ALTQ?
By qalt () on
seems more like duplex mismatch if you cannot get subscribed rate (or your provider will tell once you call for service)
By Daniel Hartmeier () daniel@benzedrine.cx on http://www.benzedrine.cx/pf.html
IMO, the first priority should be the man pages. You can help us by making suggestions. What questions did come up that the man pages couldn't answer? Build a list and make sure you searched the -current man pages (through cvsweb, for instance) thoroughly first. If you found the answers by other means already, a man page diff would be great. But the questions are already helpful.
Now, certain explanations are just too verbose for the man pages, and those would better fit into a FAQ or HOWTO style document.
Yes, it would be great if Wouter's HOWTO would be actively maintained. Have you contacted him, and asked whether he plans to update it in the future? If he doesn't have time anymore, someone else could step up, take the latest version, and work on that. It's published under a BSD license, so you can fork it and republish modified versions. All it takes is someone with time and energy :)
By Anonymous Coward () on
By Anonymous Coward () on
Also, indeed, Wouter's howto is great for the basics. But it doesn't include authpf for example, nor does it have a lot of new features.
By Anonymous Coward () on
yes I have contacted him. He said he has not the time to update the HOWTO.
By SolarfluX () solarflux@bsdvault.net on http://bsdvault.net
By Alex Kirk () alex@schnarff.com on http://www.schnarff.com
There's a great deal of whining going on on both sides of the "I want all the features and docs now!" and "RTFM!" debate recently, here and on misc@. This whining, while understandable from respective points of view, needs to stop. It's not constructive, but in fact destructive -- it just makes OpenBSD look bad.
As someone who has written a decent amount of documentation for other projects, but is always eagerly awaiting whatever's new in OBSD, I feel qualified to speak for both sides. From the developer/documenter side, I say, "Chill out, guys, I work a day job *and* do this in my spare time. I'm overworked, underappreciated, and will get to it soon enough." From the user side, I say, "OK, I'll happily RTFM...just as long as I know which FM you're talking about."
Let's all try to concentrate our energy on positive things, like asking constructive questions and giving helpful (if even one-line, one-link) answers.
By Ross () on
Grow up.
By somejackass () on
By Henning Brauer () henning@openbsd.org on mailto:henning@openbsd.org
anyone willing to help - feel free to contact me in private mail.