At one point, I saw *somewhere* a sample ruleset for pf using the new 4.7 syntax. However, neither I nor my usage of Google seems to be able to dig up that web page again. Could someone post a quick link to the ruleset, so that I can start understanding the new syntax? Thanks.
a little odd that the pf faq has not been updated, it must be an oversight. But anyway, the slides from my BSDCan 2010 PF tutorial are up at

http://home.nuug.no/~peter/pf/bsdcan2010/

in there should be enough material to get you started with 4.7-style configs. Yes, I'm planning to refresh the (short&free) full text version as well plus of course the book (in case you were wondering, I'm working on both).

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
On 5/22/2010 at 7:03 PM peter@bsdly.net wrote:

|"Mike M" <the.lists@mgm51.com> writes:
|
|> At one point, I saw *somewhere* a sample ruleset for pf using the new
|> 4.7 syntax. However, neither I nor my usage of google seems to be
|> able to dig up that web page again.
|
|a little odd that the pf faq has not been updated, it must be an
|oversight. But anyway, the slides from my BSDCan 2010 PF tutorial are
|up at
|
|http://home.nuug.no/~peter/pf/bsdcan2010/
|
|in there should be enough material to get you started with 4.7-style
|configs. Yes, I'm planning to refresh the (short&free) full text
|version as well plus of course the book (in case you were wondering,
|I'm working on both).
=============

Yes, the pf FAQ was the first place I looked. :(

Thank you very much for the link. That is the exact page I was looking for.
huh? it has been updated, the same day 4.7 has been released

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
It looks like they missed a spot in the examples at http://www.openbsd.org/faq/pf/example1.html then. The other parts I checked just now have 4.7 syntax.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
On 5/22/2010 at 7:26 PM Henning Brauer wrote:

|* Peter N. M. Hansteen <peter@bsdly.net> [2010-05-22 19:08]:
|> a little odd that the pf faq has not been updated
|
|huh? it has been updated, the same day 4.7 has been released
|
=============

I see the pre-4.7 info here:

http://openbsd.org/faq/pf/example1.html#nat
http://openbsd.org/faq/pf/example1.html#allrules

Maybe my ISP has a cache somewhere that is feeding me an old page then....
go write "you shall not use openbsd.org but www.openbsd.org" a thousand times at least

--
Henning Brauer, hb@bsws.de, henning@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
On 5/22/2010 at 7:56 PM Henning Brauer wrote:

|* Mike M <the.lists@mgm51.com> [2010-05-22 19:45]:
|> On 5/22/2010 at 7:26 PM Henning Brauer wrote:
|>
|> |* Peter N. M. Hansteen <peter@bsdly.net> [2010-05-22 19:08]:
|> |> a little odd that the pf faq has not been updated
|> |
|> |huh? it has been updated, the same day 4.7 has been released
|> |
|> =============
|>
|>
|> I see the pre-4.7 info here:
|>
|> http://openbsd.org/faq/pf/example1.html#nat
|
|go write "you shall not use openbsd.org but www.openbsd.org" a
|thousand times at least
=============

OK, done. But I still see the pre-4.7 syntax on this page:

http://www.openbsd.org/faq/pf/example1.html#nat
http://www.openbsd.org/faq/pf/example1.html#allrules
From Nick Holland a couple of days ago, on this list: "As for why they are different: www.openbsd.org is the main webserver. without the www. is a development machine, not intended for public use."
