CLI tool to convert OpenBSD Packet Filter config files to JSON and vice versa

47•fork-bomber•4mo ago

Comments

djoldman•4mo ago

Total aside, but I LOVE that it's written in a non-top10 language without the "in [language]" comment.

hnlmorg•4mo ago

For some reason I was under the impression that V (Vlang) was vaporware. Nice to see something built in it.

baranul•3mo ago

That "impression" most likely comes from purposeful propaganda that originates from competitors of V (Vlang). It's a really twisted and foul story of how they tried to suppress the language. ZeQLplus, Papyrus Compiler, Lilly Editor[1][2] (author, Tauraamui, did a recent video interview), etc... Are among many examples of fun useful apps that people write in Vlang all of the time, with various ones being in existence for years.

[1]: https://www.youtube.com/watch?v=MvFHT0N9inw (Just Try Out New Languages - part of a longer interview)

[2]: https://news.ycombinator.com/item?id=43462676 (TUI editor and Vim/Neovim alternative)

[3]: https://github.com/vlang/awesome-v

SoftTalker•4mo ago

Is that the reason this is being upvoted? Otherwise what is the purpose of converting pf.conf to JSON?

gh02t•4mo ago

So asking a real question not being sarcastic and having only dabbled with OpenBSD's pf, what is the use for this? The examples seem to point to using it for backups, but what does json give you versus just backing up the file directly? Is it to make manipulating pf config files programmatically easier?

intothemild•4mo ago

No. You're not being sarcastic here. PFs config files can't really be any more complicated or easier in json than in its native form.

So, other than validation or something... Which, if you are already parsing the file into json and back again... Means you already can parse pf.conf files, and just do validation directly there.

So if it's just backing up, then yeah why add the extra step of converting the file before backing it up

hnlmorg•4mo ago

I assumed it was to make it easier working with the files programmatically. Eg using jq or one of the many many other solutions for JSON in shell scripts.

mrweasel•4mo ago

Neat, but why? I could see this being handy if the pf language was changed and this tool could covert between the old and new configuration. I believe pf have been substantially updated in the past and I don't recall there being a conversion tool.

SoftTalker•4mo ago

I'm not affiliated with the project but I believe the chance of OpenBSD adopting JSON as a config file format are approximately zero, to whatever degree of precision you might choose.

grapesodaaaaa•4mo ago

The pf language is also shockingly readable for a firewall config

mrweasel•4mo ago

Sounds about right, but they also don't need to, all the OpenBSD specific configuration is mostly done in the same manor, meaning that if you know PF, then the configuration language for httpd, relayd or OpenSMTPd isn't all that foreign to you.

JSON is generally a pretty poor configuration language, so I wouldn't hope that it would be adopted.

sedawkgrep•4mo ago

Ok, lots of questions around 'why' and no answers, so let me take a stab.

I suspect that the purpose of this is to be able to ingest pf.conf files into a larger security tool. Something like an NDR/XDR/SOAR, or perhaps Splunk.

SecOps wants to know what the existing policies are (for compliance and validation), and to orchestrate enforcement when an IoC (or whatever) prompts investigation and action. Getting the format into JSON opens up the whole landscape for integration into existing tooling.

accrual•4mo ago

Nice, that's a reasonable use case. I've been working on centralizing my home lab config and this tool could help bring pf.conf in/out of a central JSON config. Mine already handles static DHCP leases, local hostnames, certificates, etc.

whydoyoucare•4mo ago

That was my first gut instinct too. Good to know I am not alone. :)

India's Sarvan AI LLM launches Indic-language focused models

Show HN: CryptoClaw – open-source AI agent with built-in wallet and DeFi skills

ShowHN: Make OpenClaw Respond in Scarlett Johansson’s AI Voice from the Film Her

CReact Version 0.3.0 Released

Show HN: CReact – AI Powered AWS Website Generator

The rocky 1960s origins of online dating (2025)

Show HN: Agent-fetch – Sandboxed HTTP client with SSRF protection for AI agents

Why there is no official statement from Substack about the data leak

Effects of Zepbound on Stool Quality

Show HN: Seedance 2.0 – The Most Powerful AI Video Generator

Ask HN: Do we need "metadata in source code" syntax that LLMs will never delete?

Pentagon cutting ties w/ "woke" Harvard, ending military training & fellowships

Can Quantum-Mechanical Description of Physical Reality Be Considered Complete? [pdf]

Kessler Syndrome Has Started [video]

Complex Heterodynes Explained

EVs Are a Failed Experiment

MemAlign: Building Better LLM Judges from Human Feedback with Scalable Memory

CCC (Claude's C Compiler) on Compiler Explorer

Homeland Security Spying on Reddit Users

Actors with Tokio (2021)

Can graph neural networks for biology realistically run on edge devices?

Deeper into the shareing of one air conditioner for 2 rooms

Weatherman introduces fruit-based authentication system to combat deep fakes

Why Embedded Models Must Hallucinate: A Boundary Theory (RCC)

A Curated List of ML System Design Case Studies

Pony Alpha: New free 200K context model for coding, reasoning and roleplay

Show HN: Tunbot – Discord bot for temporary Cloudflare tunnels behind CGNAT

Open Problems in Mechanistic Interpretability

Bye Bye Humanity: The Potential AMOC Collapse

Dexter: Claude-Code-Style Agent for Financial Statements and Valuation