ping

(probably works... new switch who dis?)

pong

pong

.oO kaboom!:)

sal danmcd

Bits are moving on the Kebecloud/danmcd-at-work networks. (For the Triton-aware, Kebecloud's "external" network is my HDC's "work" network.)

danmcd: out of curiosity, what's your new switch?

This bad boy, used and a good deal, it seems: store.ui.com/us/en/products/usw-enterprisexg-24

looks really nice.

[illumos-gate] 14733 loader.efi: faults could try to print out call trace -- Toomas Soome <tsoome⊙mc>

I had a discussion with Alan Coopersmith on MAstodon. He is a Solaris developer at Oracle. I asked him regarding open sourcing the PF Solaris port. He contacted me, the next source drop will include the open source part of PF. It means they keep some interfacing logic between PF and the kernel closed source, but that can be recreated.

It means it could be somewhat easier to get a modern firewall for Illumos

the kernel part of pf is the hard part

unfortunately.

Also, is pf like ipf in that it's FW *and* NAT? I think we can Do Really Better in NAT-land. I know OPTE exists in Oxide, but that feels too heavyweight.

We have conn_t that can be repurposed for NAT session state (where the conn_t points to the "external network(s)" side).

danmcd: this is all artifacts of porting the kernel side

and yeah, the harder part

this is well beyond me, I just know PF from using OpenBSD on desktop, so not mission-critical setting. I tought it could be still useful to get the adapted PF sources from Oracle

oh, it no doubt is!

I just was just trying to temper anyones hopes

(I wish for pf too, I just don't have the time to build the expertise)

I think anyone who has seen ipf on the inside is at least very open to the idea

heh

I haven't seen ipf inside out, but i have spendt countless hours to try to secure my NAS from the aliens. What I noticed it is pretty similar to PF on the rule-level.

It took around 2 months for the Oracle guys to give a positive feedback, so in case you want something from Oracle but you were to shy to ask: just do it.

Herebis the original discussion: hachyderm.io/@alanc/115930032820811390

it'll be a few weeks still until the 11.4.90 release with those source files in (and a few others added too)

amusingly the one source file in that release with a Joyent copyright & CDDL license came to us from FreeBSD, not illumos

I didn't noticed you are here :)

Nice to meet you Alan.

And also good night, it is late now here. Bye!

hm, that's interesting at least from the point of view that pf has better documentation than ipf