OpenBSD Journal

PF ported to NetBSD 2.0

Contributed by grey on from the yay, more platforms for pf dept.

I gleaned this from Alexander Payne's blog as aggregated by the incredibly useful http://www.infosecdaily.net.

You can find more details of the PF loadable kernel module for NetBSD 2.0 as well as files from: http://nedbsd.nl/~ppostma/pf-lkm.html

It looks like the original announcement message which can be found on http://nedbsd.nl is as follows:

Subject: New pf port
To: None
From: Peter Postma
List: tech-net
Date: 05/11/2004 17:49:14

I'm pleased to announce a new port of the OpenBSD 3.5 packet filter (PF)
to NetBSD 2.0. Unfortunately not a complete port, ALTQ is missing, dynamic
addresses aren't supported and some small parts aren't ported/supported yet.

For more information and the tarball, see this page:
http://nedbsd.nl/~ppostma/pf-lkm.html

If you've questions/suggestions/whatever then please mail me.

-- 
Peter Postma

It looks as though Peter also has NetBSD ports of spamd and pftop, way to go!



Comments
  1. By Anonymous Coward (130.233.25.66) on

    How many people does it take to port PF to NetBSD?

    Comments
    1. By tedu (128.12.75.69) on

      at least three if my count is correct.

  2. By Anthony (68.145.111.134) on

    will everyone PLEASE refrain from goading Darren on misc@...

    Comments
    1. By Sam (195.217.242.33) samh@phayke.com on

      No

    2. By Anonymous Coward (67.70.164.77) on

      I agree, if it weren't for him, PF wouldn't be what it is today.

  3. By RC (4.61.198.35) on

    I have just one serious gripe with PF... The pf.conf keeps changing every release of OpenBSD! It's not usually serious changes, but it's a pain in the ass anyhow. Just having to change "all" to "to any" (or whatever it was) and no longer accepting "flags S" is enough to drive a person crazy. The pfctl program doesn't tell you what's wrong, you have to look through the whole man-page every time, like it's the first time, and learn the syntax all over again. It would be trivial to maintain backwards compatibility, and it is a serious hassle to upgrade a ruleset. That's especially true when you need to do it for a dozen headless boxes (alright, somebody grab a monitor and keyboard, we're going hunting in the server room...) Nothing personal, I like PF, but quirks like this start getting to you, and make great features less attractive... It's about 2 years old now, I really don't see why there still has to be ongoing trivial syntax changes.

    Comments
    1. By djm@ (203.217.28.239) djm@mindrot.org on

      Strange, I have never had problems with syntax changes. The only thing I remember having to ever change was the flags thing and that was quite a while ago. What broke from 3.4 to 3.5? (I can't think of anything)

      Comments
      1. By RC (4.61.198.35) on

        My specific problem was that "all" didn't work any more (in some rules, it worked in others for some reason). I had to change it to "to any", which I figured out after 30 minutes reading through the pf.conf manpage. It also had a problem with flags, variable specification, etc. There's more, I'm sure, but that's it for changes off the top of my head. I think my post may have single-handedly proven that the moderation system here is not good to rely upon. My post was not a troll, or flame, or anything like that, yet it gets moderated to negative-two. I'll make sure I never set a threshold, which pretty much eliminates the usefulness of moderation.

        Comments
        1. By krh (207.75.179.169) on

          As it is I think there are problems with the moderation system at the moment. Not to say it's a bad idea, but I think it needs some changes. One that comes to mind is vote-stuffing; I'm on a dialup, so by redialing repeatedly, I can make any post go as high or as low as I want. But fixing this would require some sort of login, which would be a very big change for undeadly.

          A second problem is practical; good posts should be modded up and bad ones down, but not enough people are voting for any of us to have confidence in the results. Any post can be modded down by a vote or two, no matter how good it is. I've seen a few posts which were -1/1 where I thought, "I don't think this post should really be modded down." The most number of people I've seen vote on a post has been 24 (the first post on "IPv6 Behind a NAT with OpenBSD and Freenet6"; it's -18/24), and I'm sure more than 24 people read and had an opinion on that comment. (I'm also sure that more than 0 people read and have an opinion on most posts) If we're going to make the voting system effective, most posts should be modded by at least five people.

          A third problem is scale. Right now undeadly isn't getting very many trolls (thank goodness), so the distinction between a good post and a bad one is pretty small. I'm sure that if someone says the P word, the standard for a good post will suddenly get a lot looser. Posts which now would be either modded down slightly or left neutral might be modded up, because, in comparison to a real troll, they're good to read. (But on the other hand, if enough people get frustrated, they might make the standard stricter; either way I'm convinced the standard won't stay the same.) This means you have to keep changing your threshold, because a post that's "worth" -2 one day may be worth 0 a month later when serious trolls are about and may go back to being -2 a month after that. But what's the use of a threshold if you have to keep changing it?

          (Has anyone else noticed that the P word is Latin for peace, yet whenever it shows up, it always brings war?)

          Having said all of that, I still like the moderation system, and I'd be pretty happy if it continued mostly as it is. The change I'd like the most is for more people to vote!

          Comments
          1. By Daniel Hartmeier (62.65.145.30) daniel@benzedrine.cx on

            I've thought about the following extensions:

            a) Allow the threshold to include a second value, on the number of votes. Like: ignore the sum (and show comment) when the total number of votes is below x, only apply the sum threshold when more than x people have voted.

            b) Don't show (and compare to thresholds) any sums when the number of votes is lower than, say, 5 people. So the first 5 voters have to vote blindly (not knowing how others rated the comment).

            c) multiply the sum by (a fraction of) the number of votes, so sums consisting of many votes become larger (unless exactly zero, not sure what the conclusion should be if a comment gets 100 positive and 100 negative votes, I guess that's a highly polarizing comment, then ;)

            This would address the low statistical relevance of sums consisting of only few votes. Obviously, if only few people vote, there's not much statistically relevant data to operate on, and no math will make it better. :)

            Comments
            1. By krh (207.75.178.161) on

              My vote is for (b). (a) would be okay, too. I don't like (c), though, because it means that posts which are very close to neutral aren't scored that way unless they're exactly neutral:

              Suppose that we have integers U and D (for the number of up and down votes) and a positive real number f (for the fraction to multiply the sum by). Let the score S be equal to f*(U+D)*(U-D), that is, a fraction times the total number of votes times the raw score. Multiplying out, we get S=f*(U^2-D^2).

              Suppose further that the post under consideration is just about neutral, but not exactly: Let U = D + 1. Then S=f*((D+1)^2-D^2)=f*(2D+1). So as the post gets closer and closer to true neutral (i.e., as D goes to infinity), S also goes to infinity, so that the post looks popular, not polarizing. Moreover, if all of a sudden two people vote the post down, its score first becomes zero, and then a negative number, f*(-3D+5) (Here D is still the original number of down votes).

              Another side effect is that posts which are indeed popular will have astronomical scores, since S increases quadratically for a fixed D. (Similarly, posts which are unpopular will have tremendous negative scores.)

              I don't think that any of these behaviors are desirable, and I'd hate to see them become a part of undeadly.

            2. By RC (4.61.193.151) on

              > only apply the sum threshold when more than x people have voted.

              Couldn't people currently just set their threshold to negative x to get that effect? Since X number of people need to vote to get a comment to -X, that would seem to do the job.

              > the first 5 voters have to vote blindly

              I'm not so sure that would improve the voting any. Do people really look at the current moderation and say: "It's at -2, I better mod it down", when they were going to moderate it up?

              > c) multiply the sum by (a fraction of) the number of votes

              That would just exaggerate the moderation. I don't see how that would possibly help comments that have been initially moderated negative by a few mistaken individuals.

              Comments
              1. By krh (207.75.179.167) on

                Regarding thresholds, what you're saying is a little different from how I think Daniel's proposal works: If I want to read any post with a score of at least -1 that's gotten at least five votes, that means that I'll see a post that's -2/4 but not a post that's -2/6. This matches what you're saying when you want to see posts with a score of at least -X that have been voted on by at least X people, but not in other cases.

                And while I don't like admitting my own biases, I think that seeing a negative score, even if it's only -1/1, probably does bias me a bit against a post. I'd rather read the post without knowing that someone had (possibly wrongly) modded it down.

                The more I think about ranking posts, the better a percentage scheme sounds: Just divide the number of up votes by the number of total votes and display it as a percentage. If an article hasn't gotten any votes, call it 50%. This feels better to me than up votes minus down votes, because it's independent of the number of total votes. Indeed, if 2/3 of the people who read a post like it, the score could be 1/3, 10/30, or 100/300--but they all mean that 2/3 of the people who voted liked it.

                Comments
                1. By Daniel Hartmeier (62.65.145.30) daniel@benzedrine.cx on

                  You can now set arbitrary expressions as thresholds. A simple number has the same effect as before (showing only comments with sum >= that value), but you can now try:

                  s >= 0
                  (u * 100) / c >= 75
                  c < 5 | s >= 0
                  
                  where c is total count of votes, u is number of ups, d number of downs, s sum (s = u - d), also see the 'Help' link next to the threshold box. If you find useful expressions, let me know. :)
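The threshold language Daniel describes above (variables u, d, c and s; comparisons; `&` and `|`), and the scoring schemes krh works through earlier in this thread (the raw sum, the "multiply the sum by the number of votes" option, and the percentage scheme), as an added example written for this page and not undeadly's own code: a small evaluator for threshold expressions plus the three scoring functions. The grammar (operator precedence, `&`/`|` as logical and/or, C-style truncating integer division, and division by zero yielding 0 so that `(u * 100) / c` works on an unvoted comment) is assumed from the examples on the page, not taken from the site; the function names are mine.

```python
import re

# Per-comment vote counts in the thread's own variables: u = ups, d = downs,
# c = u + d (total votes), s = u - d (the raw sum shown beside a comment).
def vote_vars(u, d):
    return {"u": u, "d": d, "c": u + d, "s": u - d}

def score_sum(u, d):                 # the current scheme: up votes minus down votes
    return u - d

def score_weighted(u, d, f=1.0):     # Daniel's option (c): f * votes * sum = f * (u^2 - d^2)
    return f * (u + d) * (u - d)

def score_percent(u, d):             # krh's percentage scheme; 50% when nobody has voted
    return 50.0 if u + d == 0 else 100.0 * u / (u + d)

def weighted_near_neutral(d, f=1.0): # krh's case U = D + 1: f * (2D + 1), unbounded in D
    return score_weighted(d + 1, d, f)

# ---- threshold expression evaluator (grammar assumed from the page's examples) ----
_TOKEN = re.compile(r"\s*(?:(\d+)|([a-z])|(<=|>=|==|!=|[-+*/()<>&|]))")
_CMP = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b, ">": lambda a, b: a > b,
        ">=": lambda a, b: a >= b, "==": lambda a, b: a == b, "!=": lambda a, b: a != b}

def tokenize(expr):
    expr, pos, toks = expr.strip(), 0, []
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad threshold expression near {expr[pos:]!r}")
        pos = m.end()
        if m.group(1) is not None:
            toks.append(("num", int(m.group(1))))
        elif m.group(2) is not None:
            toks.append(("var", m.group(2)))
        else:
            toks.append(("op", m.group(3)))
    return toks

class _Parser:
    # precedence, lowest first: |  &  comparisons  + -  * /  parentheses/unary minus
    def __init__(self, toks, env):
        self.toks, self.i, self.env = toks, 0, env
    def _peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else ("end", None)
    def _take(self, expected=None):
        kind, val = self._peek()
        if expected is not None and val != expected:
            raise ValueError(f"expected {expected!r}, got {val!r}")
        self.i += 1
        return val
    def _is_op(self, *ops):
        kind, val = self._peek()
        return kind == "op" and val in ops
    def expr(self):                  # a | b (both sides are always parsed and evaluated)
        v = self.and_()
        while self._is_op("|"):
            self._take(); rhs = self.and_(); v = int(bool(v) or bool(rhs))
        return v
    def and_(self):
        v = self.cmp()
        while self._is_op("&"):
            self._take(); rhs = self.cmp(); v = int(bool(v) and bool(rhs))
        return v
    def cmp(self):
        v = self.add()
        while self._is_op(*_CMP):
            op = self._take(); rhs = self.add(); v = int(_CMP[op](v, rhs))
        return v
    def add(self):
        v = self.mul()
        while self._is_op("+", "-"):
            op = self._take(); rhs = self.mul(); v = v + rhs if op == "+" else v - rhs
        return v
    def mul(self):
        v = self.atom()
        while self._is_op("*", "/"):
            op = self._take(); rhs = self.atom()
            # assumption: truncating integer division, and x/0 -> 0 (unvoted comment, c == 0)
            v = v * rhs if op == "*" else (int(v / rhs) if rhs else 0)
        return v
    def atom(self):
        kind, val = self._peek()
        if kind == "num":
            return self._take()
        if kind == "var":
            if val not in self.env:
                raise ValueError(f"unknown variable {val!r}")
            return self.env[self._take()]
        if self._is_op("("):
            self._take(); v = self.expr(); self._take(")"); return v
        if self._is_op("-"):
            self._take(); return -self.atom()
        raise ValueError(f"unexpected token {val!r}")

def show_comment(threshold, u, d):
    """True if a comment with u ups and d downs passes the threshold expression."""
    threshold = threshold.strip()
    if re.fullmatch(r"-?\d+", threshold):   # a plain number keeps the old meaning: s >= n
        threshold = f"s >= ({threshold})"
    toks = tokenize(threshold)
    p = _Parser(toks, vote_vars(u, d))
    result = p.expr()
    if p.i != len(toks):
        raise ValueError("unparsed trailing input")
    return bool(result)
```

`show_comment("c < 5 | (u * 100) / c >= 75", u, d)` reproduces the expression posted further down the thread; with `u == d == 0` the left side is true and the division on the right is defined to yield 0 rather than fail, which is why that edge case is handled explicitly. Note that the evaluator parses a whole expression before trusting it, and rejects anything outside the tiny grammar (an unknown variable, an unbalanced parenthesis, leftover tokens) rather than passing it to a general-purpose `eval`: the threshold is user-supplied input that arrives in a URL parameter, exactly the kind of string Daniel later mentions needing proper escaping.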

                  Comments
                  1. By Stelianos G. Sfakianakis (139.91.254.18) on

                    I put the expression
                    c < 5 | (u * 100) / c >= 75
                    as a threshold but in the expanded view comments from different threads seem to be mixed up.

                    OTOH, I think this feature is very cool!

                    Comments
                    1. By Daniel Hartmeier (62.65.145.30) daniel@benzedrine.cx on

                      That problem occurs with simple thresholds as well, whenever a parent is hidden (due to the threshold) but children of it are shown. Maybe a placeholder (which indents correctly) should be used in that case.

                      Another problem is proper escaping (html and http) now that the parameter can contain spaces, <> and &. If posting seems broken right now, try disabling the complex threshold before posting, at least until that's fixed ;)

    2. By Anonymous Coward (134.58.253.130) on

      I think syntax changes, where appropriate, are a good thing.

      Otherwise, you'd end up with bad, illogical syntax that has 'grown over the years'. When new features are added, and it makes sense to change the syntax, that's a good thing.

      Also, PF development is still going at a very fast pace. PF is still rather young, so syntax changes are normal. As PF gets older, they'll become less and less necessary.

    3. By Anonymous Coward (195.212.29.91) on

      As long as you remember to do a
      pfctl -nf /etc/pf.conf
      before the
      pfctl -f /etc/pf.conf
      you will never have to attach keyboard and display to your headless box.
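The check-then-load habit from the comment above, wrapped into a small script as an added example (my code, not part of the page or of pfctl): `pfctl -nf` only parses the ruleset, so a file that passes can still contain a rule that locks an administrator out of a headless box, which is why the script also saves the currently loaded rules (`pfctl -sr`) to a known-good file before loading the new ones. The command runner is injectable so the logic can be exercised without pf present; the `PFCTL` path, the backup location and the return structure are my assumptions.

```python
import subprocess
from pathlib import Path

PFCTL = "pfctl"   # assumption: pfctl is on PATH; adjust to the local install

def _run(argv):
    """Default runner: execute argv, return (returncode, stdout, stderr)."""
    p = subprocess.run(argv, capture_output=True, text=True)
    return p.returncode, p.stdout, p.stderr

def reload_ruleset(conf="/etc/pf.conf", backup=None, run=_run):
    """Validate conf with 'pfctl -nf' and load it with 'pfctl -f' only if it parses.

    If backup is given, the rules currently loaded ('pfctl -sr') are written there
    first so they can be re-applied by hand ('pfctl -f <backup>') if the new ruleset
    turns out to be syntactically fine but operationally wrong.
    Returns a dict with 'loaded' (bool), 'stage' ('check' or 'load') and 'error'.
    """
    rc, _, err = run([PFCTL, "-nf", conf])          # parse only, nothing is loaded
    if rc != 0:
        return {"loaded": False, "stage": "check", "error": err.strip()}
    if backup is not None:
        rc, rules, _ = run([PFCTL, "-sr"])           # current rules, for manual rollback
        if rc == 0:
            Path(backup).write_text(rules)
    rc, _, err = run([PFCTL, "-f", conf])            # load the validated ruleset
    return {"loaded": rc == 0, "stage": "load", "error": err.strip()}

if __name__ == "__main__":
    print(reload_ruleset(backup="/var/backups/pf.conf.last-good"))
```

Run it as root on the firewall; on a parse error it returns the `pfctl -nf` diagnostic (with the offending line number) and never touches the running ruleset, so the only way to lose remote access is a rule that parses but blocks you, and for that the saved copy is the way back in.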
