
Re: important pf changes



Thank god it's April Fools' ;)
- Joris Vink -
On Tue, 1 Apr 2003, Henning Brauer wrote:
> Hi guys,
>
> After much discussion we made a hard decision: we will change pf syntax from
> English to German.
>
> Let me explain.
>
> Most of the pf developers are native German speakers. It's very hard for us
> to dream up new keywords in a foreign language. In fact, I have a few new
> features in mind I would really like to have, but cannot implement because I
> can't think of a reasonable English keyword.
>
> And, of course, we do not want to support a regime attacking poor Afghan and
> Iraqi farmers by using the english language.
> We realize this change is radical, and that it will cause some management
> issues for you, but it's really worth it, the new syntax is so much more
> clear and simple, you won't regret it. Look at this example:
>
> ext_if="dc0"
>
> mach isnich-Gesetz Schiesszurueck
> mach limit { states 10000, frags 5000 }
> mach erzwinge-Reihenfolge noe
>
> AndereSchlangen auf $ext_if Bandbreite 10Mb Klassen-basiertes-anstellen \
> 	Schlange { ssh, http, allet }
> Schlange allet Bandbreite 1Mb Klassen-basiertes-anstellen(default)
> Schlange ssh Bandbreite 1Mb Klassen-basiertes-anstellen(leihen) \
> 	{ ssh_bulk, ssh_prio }
> Schlange  ssh_bulk Prioritaet 0
> Schlange  ssh_prio Prioritaet 7
> Schlange http Bandbreite 9Mb
>
> Tabelle <Spinnennetzservierer> { 10.0.0.1, 10.0.0.7, 10.0.0.9 }
>
> scrub rein von wurscht nach 10/8 zufalls-id
>
> ueberzetze auf $ext_if dasAlteProtokoll von 10/8 nach wurscht -> $ext_if
> umleite auf $ext_if von wurscht nach $ext_if -> 10.0.0.1
>
> nixschummeln SchnellSchnellSchnell fuer $ext_if
>
> isnich lassfallen SchnellSchnellSchnell auf $ext_if von 192.168/16
> lass rein SchnellSchnellSchnell auf $ext_if Protokoll tcp nach \
> 	 <Spinnennetzservierer> Hafen 80 Flaggen S/SA halte Status \
> 	 Schild "wodieSeitenherkommen" Schlange http
> lass raus SchnellSchnellSchnell auf $ext_if Protokoll tcp nach wurscht \
> 	 Hafen 22 Flaggen S/SA halte Status Schild "ssh-raus" \
> 	 Schlange (ssh_bulk, ssh_prio)
>
> it's obviously so much better than what we have now, and we get rid of the
> last remnants of IPF. Rest in Peace.
>
> below is an early diff - the print-functions need to be updated, for example.
> have fun!
>
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/parse.y,v
> retrieving revision 1.343
> diff -u -r1.343 parse.y
> --- parse.y	19 Mar 2003 15:51:40 -0000	1.343
> +++ parse.y	1 Apr 2003 01:20:48 -0000
> @@ -3418,93 +3418,93 @@
>  {
>  	/* this has to be sorted always */
>  	static const struct keywords keywords[] = {
> -		{ "all",		ALL},
> -		{ "allow-opts",		ALLOWOPTS},
> -		{ "altq",		ALTQ},
> -		{ "anchor",		ANCHOR},
> -		{ "antispoof",		ANTISPOOF},
> -		{ "any",		ANY},
> -		{ "bandwidth",		BANDWIDTH},
> -		{ "binat",		BINAT},
> -		{ "binat-anchor",	BINATANCHOR},
> -		{ "bitmask",		BITMASK},
> -		{ "block",		BLOCK},
> -		{ "block-policy",	BLOCKPOLICY},
> -		{ "borrow",		BORROW},
> -		{ "cbq",		CBQ},
> -		{ "code",		CODE},
> -		{ "crop",		FRAGCROP},
> -		{ "default",		DEFAULT},
> -		{ "drop",		DROP},
> -		{ "drop-ovl",		FRAGDROP},
> -		{ "dup-to",		DUPTO},
> -		{ "ecn",		ECN},
> -		{ "fastroute",		FASTROUTE},
> -		{ "file",		FILENAME},
> -		{ "flags",		FLAGS},
> -		{ "for",		FOR},
> -		{ "fragment",		FRAGMENT},
> -		{ "from",		FROM},
> -		{ "group",		GROUP},
> -		{ "icmp-type",		ICMPTYPE},
> -		{ "icmp6-type",		ICMP6TYPE},
> -		{ "in",			IN},
> -		{ "inet",		INET},
> -		{ "inet6",		INET6},
> -		{ "keep",		KEEP},
> -		{ "label",		LABEL},
> -		{ "limit",		LIMIT},
> -		{ "log",		LOG},
> -		{ "log-all",		LOGALL},
> -		{ "loginterface",	LOGINTERFACE},
> -		{ "max",		MAXIMUM},
> -		{ "max-mss",		MAXMSS},
> -		{ "min-ttl",		MINTTL},
> -		{ "modulate",		MODULATE},
> -		{ "nat",		NAT},
> -		{ "nat-anchor",		NATANCHOR},
> -		{ "no",			NO},
> -		{ "no-df",		NODF},
> -		{ "no-route",		NOROUTE},
> -		{ "on",			ON},
> -		{ "optimization",	OPTIMIZATION},
> -		{ "out",		OUT},
> -		{ "pass",		PASS},
> -		{ "port",		PORT},
> -		{ "priority",		PRIORITY},
> -		{ "priq",		PRIQ},
> -		{ "proto",		PROTO},
> -		{ "qlimit",		QLIMIT},
> -		{ "queue",		QUEUE},
> -		{ "quick",		QUICK},
> -		{ "random",		RANDOM},
> -		{ "random-id",		RANDOMID},
> -		{ "rdr",		RDR},
> -		{ "rdr-anchor",		RDRANCHOR},
> -		{ "reassemble",		FRAGNORM},
> -		{ "red",		RED},
> -		{ "reply-to",		REPLYTO},
> -		{ "require-order",	REQUIREORDER},
> -		{ "return",		RETURN},
> -		{ "return-icmp",	RETURNICMP},
> -		{ "return-icmp6",	RETURNICMP6},
> -		{ "return-rst",		RETURNRST},
> -		{ "rio",		RIO},
> -		{ "round-robin",	ROUNDROBIN},
> -		{ "route-to",		ROUTETO},
> -		{ "scrub",		SCRUB},
> -		{ "set",		SET},
> -		{ "source-hash",	SOURCEHASH},
> -		{ "state",		STATE},
> -		{ "static-port",	STATICPORT},
> -		{ "table",		TABLE},
> -		{ "tbrsize",		TBRSIZE},
> -		{ "timeout",		TIMEOUT},
> -		{ "to",			TO},
> -		{ "tos",		TOS},
> -		{ "ttl",		TTL},
> -		{ "user",		USER},
> -		{ "yes",		YES},
> +		{ "AndereSchlangen",		ALTQ},
> +		{ "Anker",			ANCHOR},
> +		{ "Bandbreite",			BANDWIDTH},
> +		{ "Benutzer",			USER},
> +		{ "Datei",			FILENAME},
> +		{ "Flaggen",			FLAGS},
> +		{ "Gruppe",			GROUP},
> +		{ "Hafen",			PORT},
> +		{ "Klassen-basiertes-anstellen",	CBQ},
> +		{ "Kode",			CODE},
> +		{ "Optimierung",		OPTIMIZATION},
> +		{ "Prioritaet",			PRIORITY},
> +		{ "Protokoll",			PROTO},
> +		{ "Schiesszurueck",		RETURN},
> +		{ "Schiesszurueck-icmp",	RETURNICMP},
> +		{ "Schiesszurueck-icmp6",	RETURNICMP6},
> +		{ "Schiesszurueck-rst",		RETURNRST},
> +		{ "Schild",			LABEL},
> +		{ "Schlange",			QUEUE},
> +		{ "SchnellSchnellSchnell",	QUICK},
> +		{ "Schnellrouten",		FASTROUTE},
> +		{ "Status",			STATE},
> +		{ "Tabelle",			TABLE},
> +		{ "alles",			ALL},
> +		{ "antworte-nach",		REPLYTO},
> +		{ "auf",			ON},
> +		{ "bitmaske",			BITMASK},
> +		{ "biuebersetzen",		BINAT},
> +		{ "biuebersetzen-anker",	BINATANCHOR},
> +		{ "crop",			FRAGCROP},
> +		{ "dasAlteProtokoll",		INET},
> +		{ "dasNeueProtokoll",		INET6},
> +		{ "default",			DEFAULT},
> +		{ "drop-ovl",			FRAGDROP},
> +		{ "dup-to",			DUPTO},
> +		{ "ecn",			ECN},
> +		{ "erlaube-optionen",		ALLOWOPTS},
> +		{ "erzwinge-Reihenfolge",	REQUIREORDER},
> +		{ "fragment",			FRAGMENT},
> +		{ "fuer",			FOR},
> +		{ "halte",			KEEP},
> +		{ "icmp-typ",			ICMPTYPE},
> +		{ "icmp6-typ",			ICMP6TYPE},
> +		{ "isnich",			BLOCK},
> +		{ "isnich-Gesetz",		BLOCKPOLICY},
> +		{ "ja",				YES},
> +		{ "kein-df",			NODF},
> +		{ "kein-weg",			NOROUTE},
> +		{ "lass",			PASS},
> +		{ "lassfallen",			DROP},
> +		{ "leihen",			BORROW},
> +		{ "limit",			LIMIT},
> +		{ "log",			LOG},
> +		{ "log-all",			LOGALL},
> +		{ "loginterface",		LOGINTERFACE},
> +		{ "mach",			SET},
> +		{ "max",			MAXIMUM},
> +		{ "max-mss",			MAXMSS},
> +		{ "min-ttl",			MINTTL},
> +		{ "moduliere",			MODULATE},
> +		{ "nach",			TO},
> +		{ "nixschummeln",		ANTISPOOF},
> +		{ "noe",			NO},
> +		{ "priq",			PRIQ},
> +		{ "qlimit",			QLIMIT},
> +		{ "raus",			OUT},
> +		{ "reassemble",			FRAGNORM},
> +		{ "rein",			IN},
> +		{ "rio",			RIO},
> +		{ "rot",			RED},
> +		{ "runder-rudi",		ROUNDROBIN},
> +		{ "scrub",			SCRUB},
> +		{ "source-hash",		SOURCEHASH},
> +		{ "static-port",		STATICPORT},
> +		{ "tbrsize",			TBRSIZE},
> +		{ "timeout",			TIMEOUT},
> +		{ "tos",			TOS},
> +		{ "ttl",			TTL},
> +		{ "ueberzetz-anker",		NATANCHOR},
> +		{ "ueberzetze",			NAT},
> +		{ "umleite",			RDR},
> +		{ "umleite-anker",		RDRANCHOR},
> +		{ "von",			FROM},
> +		{ "weg-nach",			ROUTETO},
> +		{ "wurscht",			ANY},
> +		{ "zufall",			RANDOM},
> +		{ "zufalls-id",			RANDOMID},
>  	};
>  	const struct keywords	*p;
>
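Review bot: The `/* this has to be sorted always */` comment above the table does not say which ordering is required, and the new entries are the first to mix upper- and lower-case initials, so the table's correctness now depends on that detail. The added lines are in byte (strcmp) order, e.g. `Tabelle` before `alles` and `SchnellSchnellSchnell` before `Schnellrouten`, which is what a strcmp-based binary search would need; the lookup code and the rest of the enclosing function lie outside the hunk, so that should be confirmed. I would make the comment explicit: `/* must stay sorted in strcmp() byte order (uppercase before lowercase); the keyword lookup depends on it */`. A misplaced entry would presumably stop a valid keyword from being recognised, and for a packet filter a ruleset that no longer parses is a security-relevant failure, so a sortedness check on this table at startup or in a regression test would be worth adding.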
>