Page MenuHomeFreeBSD

ipfilter #ifdef cleanup

Authored by cy on Jan 28 2019, 8:56 PM.



Remove #ifdefs for ancient and irrelevant operating systemsfrom

When ipfilter was written the UNIX and UNIX-like systems in use
were various and plentiful. IRIX, Tru64 (OSF/1) don't exist any
more. OpenBSD removed ipfilter during the first time the license
terms changed in the early 2000's. ipfilter on AIX, HP/UX, and
Linux never really caught on. Removal of code for operating systems
that ipfilter will never run on again will simplify the code making
it easier to fix bugs, complete partially implemented features, and
extend ipfilter.

What remains is FreeBSD, NetBSD, and illumos. FreeBSD and NetBSD have
collaborated exchanging patches while illumos has expressed willingness
to have their ipfilter updated to current, provided their zone-specific
updates to their ipfilter are merged (which are of interest to
FreeBSD to allow control of ipfilters in jails from the global zone).

Test Plan

make tinderbox completed successfully on universe13b.

Running on my local ipfilter firewall and laptop.

Diff Detail

rS FreeBSD src repository
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

cy created this revision.Jan 28 2019, 8:56 PM
cy added a comment.Jan 28 2019, 8:58 PM

I should also mention that this also removes support for older versions of FreeBSD.

glebius accepted this revision.Jan 29 2019, 4:28 PM

Very happy to see this.

btw, what is the status of ipfilter wrt upstream merges? Are there going to be any? If no, then it probably should move from sys/contrib to sys/netpfil.

This revision is now accepted and ready to land.Jan 29 2019, 4:28 PM
cy added a comment.Jan 29 2019, 8:16 PM

My emails to Darren are unanswered. I asked Christos Zoulas ( to check in on Darren. He told me Darren is taking a hiatus from ipfilter and doesn't know when he will be back. I want to discuss this with Christos first (as it appears he's still in contact with Darren), maybe at BSDCan (if I can go). I'll make my decision after that.

This revision was automatically updated to reflect the committed changes.