[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: important pf changes

To: "Johan Sunnerstig" <Johan.Sunnerstig@netgiro.com>,<misc@openbsd.org>
Subject: Re: important pf changes
From: Lucas Valdeón <lvaldeon@agora-europe.com>
Date: Tue, 1 Apr 2003 15:24:45 +0200
 Ok. We started this translation as local user group,
so we will updated to cvs branch.

	Lucas

> How about changing the SSHD config files to Spanish?
> I need to brush up on that too.
>
> Johan
>
> -----Original Message-----
> From: Henning Brauer [mailto:henning@openbsd.org]
> Sent: den 1 april 2003 13:17
> To: misc@openbsd.org; pf@benzedrine.cx
> Subject: important pf changes
>
>
> Hi guys,
>
> After much discussion we made a hard decision: we will change pf
> syntax from
> English to German.
>
> Let me explain.
>
> Most of the pf developers are native german speakers. It's very
> hard for us
> to dream up new keywords in a foreign language. In fact, I have a few new
> features in mind I would really like to have, but cannot
> implement because I
> can't think of a reasonable English keyword.
>
> And, of course, we do not want to support a regime attacking poor
> Afghan and
> Iraqi farmers by using the english language.
> We realize this change is radical, and that it will cause some management
> issues for you, but it's really worth it, the new syntax is so much more
> clear and simple, you won't regret it. Look at this example:
>
> ext_if="dc0"
>
> mach isnich-Gesetz Schiesszurueck
> mach limit { states 10000, frags 5000 }
> mach erzwinge-Reihenfolge noe
>
> AndereSchlangen auf $ext_if Bandbreite 10Mb Klassen-basiertes-anstellen \
> 	Schlange { ssh, http, allet }
> Schlange allet Bandbreite 1Mb Klassen-basiertes-anstellen(default)
> Schlange ssh Bandbreite 1Mb Klassen-basiertes-anstellen(leihen) \
> 	{ ssh_bulk, ssh_prio }
> Schlange  ssh_bulk Prioritaet 0
> Schlange  ssh_prio Prioritaet 7
> Schlange http Bandbreite 9Mb
>
> Tabelle <Spinnennetzservierer> { 10.0.0.1, 10.0.0.7, 10.0.0.9 }
>
> scrub rein von wurscht nach 10/8 zufalls-id
>
> ueberzetze auf $ext_if dasAlteProtokoll von 10/8 nach wurscht -> $ext_if
> umleite auf $ext_if von wurscht nach $ext_if -> 10.0.0.1
>
> nixschummeln SchnellSchnellSchnell fuer $ext_if
>
> isnich lassfallen SchnellSchnellSchnell auf $ext_if von 192.168/16
> lass rein SchnellSchnellSchnell auf $ext_if Protokoll tcp nach \
> 	 <Spinnennetzservierer> Hafen 80 Flaggen S/SA halte Status \
> 	 Schild "wodieSeitenherkommen" Schlange http
> lass raus SchnellSchnellSchnell auf $ext_if Protokoll tcp nach wurscht \
> 	 Hafen 22 Flaggen S/SA halte Status Schild "ssh-raus" \
> 	 Schlange (ssh_bulk, ssh_prio)
>
> it's obviously so much better than what we have now, and we get rid of the
> last remnants of IPF. Rest in Peace.
>
> below is an early diff - the print-functions need to be updated, for
> example.
> have fun!
>
> Index: parse.y
> ===================================================================
> RCS file: /cvs/src/sbin/pfctl/parse.y,v
> retrieving revision 1.343
> diff -u -r1.343 parse.y
> --- parse.y	19 Mar 2003 15:51:40 -0000	1.343
> +++ parse.y	1 Apr 2003 01:20:48 -0000
> @@ -3418,93 +3418,93 @@
>  {
>  	/* this has to be sorted always */
>  	static const struct keywords keywords[] = {
> -		{ "all",		ALL},
> -		{ "allow-opts",		ALLOWOPTS},
> -		{ "altq",		ALTQ},
> -		{ "anchor",		ANCHOR},
> -		{ "antispoof",		ANTISPOOF},
> -		{ "any",		ANY},
> -		{ "bandwidth",		BANDWIDTH},
> -		{ "binat",		BINAT},
> -		{ "binat-anchor",	BINATANCHOR},
> -		{ "bitmask",		BITMASK},
> -		{ "block",		BLOCK},
> -		{ "block-policy",	BLOCKPOLICY},
> -		{ "borrow",		BORROW},
> -		{ "cbq",		CBQ},
> -		{ "code",		CODE},
> -		{ "crop",		FRAGCROP},
> -		{ "default",		DEFAULT},
> -		{ "drop",		DROP},
> -		{ "drop-ovl",		FRAGDROP},
> -		{ "dup-to",		DUPTO},
> -		{ "ecn",		ECN},
> -		{ "fastroute",		FASTROUTE},
> -		{ "file",		FILENAME},
> -		{ "flags",		FLAGS},
> -		{ "for",		FOR},
> -		{ "fragment",		FRAGMENT},
> -		{ "from",		FROM},
> -		{ "group",		GROUP},
> -		{ "icmp-type",		ICMPTYPE},
> -		{ "icmp6-type",		ICMP6TYPE},
> -		{ "in",			IN},
> -		{ "inet",		INET},
> -		{ "inet6",		INET6},
> -		{ "keep",		KEEP},
> -		{ "label",		LABEL},
> -		{ "limit",		LIMIT},
> -		{ "log",		LOG},
> -		{ "log-all",		LOGALL},
> -		{ "loginterface",	LOGINTERFACE},
> -		{ "max",		MAXIMUM},
> -		{ "max-mss",		MAXMSS},
> -		{ "min-ttl",		MINTTL},
> -		{ "modulate",		MODULATE},
> -		{ "nat",		NAT},
> -		{ "nat-anchor",		NATANCHOR},
> -		{ "no",			NO},
> -		{ "no-df",		NODF},
> -		{ "no-route",		NOROUTE},
> -		{ "on",			ON},
> -		{ "optimization",	OPTIMIZATION},
> -		{ "out",		OUT},
> -		{ "pass",		PASS},
> -		{ "port",		PORT},
> -		{ "priority",		PRIORITY},
> -		{ "priq",		PRIQ},
> -		{ "proto",		PROTO},
> -		{ "qlimit",		QLIMIT},
> -		{ "queue",		QUEUE},
> -		{ "quick",		QUICK},
> -		{ "random",		RANDOM},
> -		{ "random-id",		RANDOMID},
> -		{ "rdr",		RDR},
> -		{ "rdr-anchor",		RDRANCHOR},
> -		{ "reassemble",		FRAGNORM},
> -		{ "red",		RED},
> -		{ "reply-to",		REPLYTO},
> -		{ "require-order",	REQUIREORDER},
> -		{ "return",		RETURN},
> -		{ "return-icmp",	RETURNICMP},
> -		{ "return-icmp6",	RETURNICMP6},
> -		{ "return-rst",		RETURNRST},
> -		{ "rio",		RIO},
> -		{ "round-robin",	ROUNDROBIN},
> -		{ "route-to",		ROUTETO},
> -		{ "scrub",		SCRUB},
> -		{ "set",		SET},
> -		{ "source-hash",	SOURCEHASH},
> -		{ "state",		STATE},
> -		{ "static-port",	STATICPORT},
> -		{ "table",		TABLE},
> -		{ "tbrsize",		TBRSIZE},
> -		{ "timeout",		TIMEOUT},
> -		{ "to",			TO},
> -		{ "tos",		TOS},
> -		{ "ttl",		TTL},
> -		{ "user",		USER},
> -		{ "yes",		YES},
> +		{ "AndereSchlangen",		ALTQ},
> +		{ "Anker",			ANCHOR},
> +		{ "Bandbreite",			BANDWIDTH},
> +		{ "Benutzer",			USER},
> +		{ "Datei",			FILENAME},
> +		{ "Flaggen",			FLAGS},
> +		{ "Gruppe",			GROUP},
> +		{ "Hafen",			PORT},
> +		{ "Klassen-basiertes-anstellen",	CBQ},
> +		{ "Kode",			CODE},
> +		{ "Optimierung",		OPTIMIZATION},
> +		{ "Prioritaet",			PRIORITY},
> +		{ "Protokoll",			PROTO},
> +		{ "Schiesszurueck",		RETURN},
> +		{ "Schiesszurueck-icmp",	RETURNICMP},
> +		{ "Schiesszurueck-icmp6",	RETURNICMP6},
> +		{ "Schiesszurueck-rst",		RETURNRST},
> +		{ "Schild",			LABEL},
> +		{ "Schlange",			QUEUE},
> +		{ "SchnellSchnellSchnell",	QUICK},
> +		{ "Schnellrouten",		FASTROUTE},
> +		{ "Status",			STATE},
> +		{ "Tabelle",			TABLE},
> +		{ "alles",			ALL},
> +		{ "antworte-nach",		REPLYTO},
> +		{ "auf",			ON},
> +		{ "bitmaske",			BITMASK},
> +		{ "biuebersetzen",		BINAT},
> +		{ "biuebersetzen-anker",	BINATANCHOR},
> +		{ "crop",			FRAGCROP},
> +		{ "dasAlteProtokoll",		INET},
> +		{ "dasNeueProtokoll",		INET6},
> +		{ "default",			DEFAULT},
> +		{ "drop-ovl",			FRAGDROP},
> +		{ "dup-to",			DUPTO},
> +		{ "ecn",			ECN},
> +		{ "erlaube-optionen",		ALLOWOPTS},
> +		{ "erzwinge-Reihenfolge",	REQUIREORDER},
> +		{ "fragment",			FRAGMENT},
> +		{ "fuer",			FOR},
> +		{ "halte",			KEEP},
> +		{ "icmp-typ",			ICMPTYPE},
> +		{ "icmp6-typ",			ICMP6TYPE},
> +		{ "isnich",			BLOCK},
> +		{ "isnich-Gesetz",		BLOCKPOLICY},
> +		{ "ja",				YES},
> +		{ "kein-df",			NODF},
> +		{ "kein-weg",			NOROUTE},
> +		{ "lass",			PASS},
> +		{ "lassfallen",			DROP},
> +		{ "leihen",			BORROW},
> +		{ "limit",			LIMIT},
> +		{ "log",			LOG},
> +		{ "log-all",			LOGALL},
> +		{ "loginterface",		LOGINTERFACE},
> +		{ "mach",			SET},
> +		{ "max",			MAXIMUM},
> +		{ "max-mss",			MAXMSS},
> +		{ "min-ttl",			MINTTL},
> +		{ "moduliere",			MODULATE},
> +		{ "nach",			TO},
> +		{ "nixschummeln",		ANTISPOOF},
> +		{ "noe",			NO},
> +		{ "priq",			PRIQ},
> +		{ "qlimit",			QLIMIT},
> +		{ "raus",			OUT},
> +		{ "reassemble",			FRAGNORM},
> +		{ "rein",			IN},
> +		{ "rio",			RIO},
> +		{ "rot",			RED},
> +		{ "runder-rudi",		ROUNDROBIN},
> +		{ "scrub",			SCRUB},
> +		{ "source-hash",		SOURCEHASH},
> +		{ "static-port",		STATICPORT},
> +		{ "tbrsize",			TBRSIZE},
> +		{ "timeout",			TIMEOUT},
> +		{ "tos",			TOS},
> +		{ "ttl",			TTL},
> +		{ "ueberzetz-anker",		NATANCHOR},
> +		{ "ueberzetze",			NAT},
> +		{ "umleite",			RDR},
> +		{ "umleite-anker",		RDRANCHOR},
> +		{ "von",			FROM},
> +		{ "weg-nach",			ROUTETO},
> +		{ "wurscht",			ANY},
> +		{ "zufall",			RANDOM},
> +		{ "zufalls-id",			RANDOMID},
>  	};
>  	const struct keywords	*p;
>
>

*****************************************************************************
Este  mensaje  contiene  información  confidencial destinada  para ser leída
exclusivamente por el destinatario. Su contenido no constituye un compromiso
para  Ágora-Europe S.A.  salvo ratificación escrita por  ambas partes. Queda
prohibida la  reproducción,  publicación, divulgación,  total o parcial  del
mensaje así como el uso  no autorizados por el emisor. En caso de recibir el
mensaje por error, se ruega su comunicación al remitente lo antes posible.

This message contains confidential information for  the exclusive use of the
recipient.Its contents do not  constitute a commitment by  Agora-Europe S.A.
except  where  provided  for in  a  signed  agreement  between both parties.
Any unauthorised disclosure,  use or dissemination, either whole or partial,
is  prohibited.  If you  are  not  the intended recipient  of  the  message,
please  notify  the  sender as soon as possible.
*****************************************************************************
References:
- Re: important pf changes
  - From: Johan Sunnerstig <Johan.Sunnerstig@netgiro.com>
Prev by Date: Re: important pf changes
Next by Date: Re: important pf changes
Prev by thread: Re: important pf changes
Next by thread: Re: important pf changes
Index(es):
- Date
- Thread