14:19:52 <danmcd> ping
14:20:04 <danmcd> (probably works... new switch who dis?)
14:21:46 <Woodstock> pong
14:21:49 <m1ari> pong
14:28:06 <tsoome_> .oO kaboom!:)
15:16:55 <SarahMalik> sal danmcd 
17:09:17 <danmcd> Bits are moving on the Kebecloud/danmcd-at-work networks.  (For the Triton-aware, Kebecloud's "external" network is my HDC's "work" network.)
18:42:53 <sommerfeld> danmcd: out of curiosity, what's your new switch?
18:43:59 <danmcd> This bad boy, used and a good deal, it seems:  https://store.ui.com/us/en/products/usw-enterprisexg-24
20:37:10 <tsoome_> looks really nice.
20:50:21 <gitomat> [illumos-gate] 14733 loader.efi: faults could try to print out call trace -- Toomas Soome <tsoome⊙mc>
21:01:19 <szilard> I had a discussion with Alan Coopersmith on MAstodon. He is a Solaris developer at Oracle. I asked him regarding open sourcing the PF Solaris port. He contacted me, the next source drop will include the open source part of PF. It means they keep some interfacing logic between PF and the kernel closed source, but that can be recreated.
21:03:00 <szilard> It means it could be somewhat easier to get a modern firewall for Illumos
21:09:51 <richlowe> the kernel part of pf is the hard part
21:09:56 <richlowe> unfortunately.
21:11:50 <danmcd> Also, is pf like ipf in that it's FW *and* NAT?  I think we can Do Really Better in NAT-land.  I know OPTE exists in Oxide, but that feels too heavyweight.
21:12:18 <danmcd> We have conn_t that can be repurposed for NAT session state (where the conn_t points to the "external network(s)" side).
21:12:32 <richlowe> danmcd: this is all artifacts of porting the kernel side
21:12:38 <richlowe> and yeah, the harder part
21:25:38 <szilard> this is well beyond me, I just know PF from using OpenBSD on desktop, so not mission-critical setting.  I tought it could be  still useful to get the adapted PF sources from Oracle
21:27:12 <richlowe> oh, it no doubt is!
21:27:19 <richlowe> I just was just trying to temper anyones hopes
21:27:48 <richlowe> (I wish for pf too, I just don't have the time to build the expertise)
21:27:57 <richlowe> I think anyone who has seen ipf on the inside is at least very open to the idea
21:28:13 <jbk> heh
21:29:19 <szilard> I haven't seen ipf inside out, but i have spendt countless hours to try to secure my NAS from the aliens. What I noticed it is pretty similar to PF on the rule-level.
21:30:21 <szilard> It took around 2 months for the Oracle guys to give a positive feedback, so in case you want something from Oracle but you were to shy to ask: just do it.
21:35:44 <szilard> Herebis the original discussion: https://hachyderm.io/@alanc/115930032820811390
21:48:31 <alanc> it'll be a few weeks still until the 11.4.90 release with those source files in (and a few others added too)
22:02:40 <alanc> amusingly the one source file in that release with a Joyent copyright & CDDL license came to us from FreeBSD, not illumos
22:09:08 <szilard> I didn't noticed you are here :)
22:09:18 <szilard> Nice to meet you Alan.
22:10:25 <szilard> And also good night, it is late now here. Bye!
22:27:52 <gemelen> hm, that's interesting at least from the point of view that pf has better documentation than ipf