I have no objections to the move (or much feedback to offer on the build changes required. I've very carefully avoided learning about our build system.).

One request though: please try to make sure that each individual commit actually builds. Non-building commits make bisects harder than they need to be.

Yes, that has already been tested. All three commits build by themselves.

Phabricator isn't able to show this revision. Are you sharing your own git anywhere, e.g. github? Looking at actual commits would be much better.

You can find it here --> https://github.com/cschuber/freebsd-ipf-move.git. In that repo the commits were merged into main to avoid any confusion.

You can find it here --> https://github.com/cschuber/freebsd-ipf-move.git. In that repo the commits were merged into main to avoid any confusion.

Looks good to me. Seems to came out easier than pf(4) some time ago.

I've just tried to update with the Phabricator patch ('git arc apply D....'), and while it builds okay it failed during the install step:

install  -o root  -g wheel -m 0755  /usr/src/share/examples/ipfilter/mkfilters  /usr/share/examples/ipfilter/mkfilters
install: /usr/src/share/examples/ipfilter/mkfilters: Inappropriate file type or format
*** [_SCRIPTSINS_mkfilters] Error code 71

make[6]: stopped in /usr/src/share/examples/ipfilter

make[3]: stopped in /usr/src
--- realinstall_subdir_include ---

Perhaps git-arc messed something up, or perhaps there's a deeper issue.

I see the problem. share/examples/ipfilter/mkfilter needs to be flattened. I'll upload a new diff. Sorry about t hat.

This builds, installs & passes tests for me.