CLI tool to convert OpenBSD Packet Filter config files to JSON and vice versa

47•fork-bomber•4mo ago

Comments

djoldman•4mo ago

Total aside, but I LOVE that it's written in a non-top10 language without the "in [language]" comment.

hnlmorg•4mo ago

For some reason I was under the impression that V (Vlang) was vaporware. Nice to see something built in it.

baranul•3mo ago

That "impression" most likely comes from purposeful propaganda that originates from competitors of V (Vlang). It's a really twisted and foul story of how they tried to suppress the language. ZeQLplus, Papyrus Compiler, Lilly Editor[1][2] (author, Tauraamui, did a recent video interview), etc... Are among many examples of fun useful apps that people write in Vlang all of the time, with various ones being in existence for years.

[1]: https://www.youtube.com/watch?v=MvFHT0N9inw (Just Try Out New Languages - part of a longer interview)

[2]: https://news.ycombinator.com/item?id=43462676 (TUI editor and Vim/Neovim alternative)

[3]: https://github.com/vlang/awesome-v

SoftTalker•4mo ago

Is that the reason this is being upvoted? Otherwise what is the purpose of converting pf.conf to JSON?

gh02t•4mo ago

So asking a real question not being sarcastic and having only dabbled with OpenBSD's pf, what is the use for this? The examples seem to point to using it for backups, but what does json give you versus just backing up the file directly? Is it to make manipulating pf config files programmatically easier?

intothemild•4mo ago

No. You're not being sarcastic here. PFs config files can't really be any more complicated or easier in json than in its native form.

So, other than validation or something... Which, if you are already parsing the file into json and back again... Means you already can parse pf.conf files, and just do validation directly there.

So if it's just backing up, then yeah why add the extra step of converting the file before backing it up

hnlmorg•4mo ago

I assumed it was to make it easier working with the files programmatically. Eg using jq or one of the many many other solutions for JSON in shell scripts.

mrweasel•4mo ago

Neat, but why? I could see this being handy if the pf language was changed and this tool could covert between the old and new configuration. I believe pf have been substantially updated in the past and I don't recall there being a conversion tool.

SoftTalker•4mo ago

I'm not affiliated with the project but I believe the chance of OpenBSD adopting JSON as a config file format are approximately zero, to whatever degree of precision you might choose.

grapesodaaaaa•4mo ago

The pf language is also shockingly readable for a firewall config

mrweasel•4mo ago

Sounds about right, but they also don't need to, all the OpenBSD specific configuration is mostly done in the same manor, meaning that if you know PF, then the configuration language for httpd, relayd or OpenSMTPd isn't all that foreign to you.

JSON is generally a pretty poor configuration language, so I wouldn't hope that it would be adopted.

sedawkgrep•4mo ago

Ok, lots of questions around 'why' and no answers, so let me take a stab.

I suspect that the purpose of this is to be able to ingest pf.conf files into a larger security tool. Something like an NDR/XDR/SOAR, or perhaps Splunk.

SecOps wants to know what the existing policies are (for compliance and validation), and to orchestrate enforcement when an IoC (or whatever) prompts investigation and action. Getting the format into JSON opens up the whole landscape for integration into existing tooling.

accrual•4mo ago

Nice, that's a reasonable use case. I've been working on centralizing my home lab config and this tool could help bring pf.conf in/out of a central JSON config. Mine already handles static DHCP leases, local hostnames, certificates, etc.

whydoyoucare•4mo ago

That was my first gut instinct too. Good to know I am not alone. :)

How I do and don't use agents

BTDUex Safe? The Back End Withdrawal Anomalies

Show HN: Compile-Time Vibe Coding

Show HN: Ensemble – macOS App to Manage Claude Code Skills, MCPs, and Claude.md

PR to support XMPP channels in OpenClaw

Twenty: A Modern Alternative to Salesforce

Raspberry Pi: More memory-driven price rises

Level Up Your Gaming

Di.day is a movement to encourage people to ditch Big Tech

Show HN: AI generated personal affirmations playing when your phone is locked

Show HN: GTM MCP Server- Let AI Manage Your Google Tag Manager Containers

Launch of X (Twitter) API Pay-per-Use Pricing

Facebook seemingly randomly bans tons of users

Global Bird Count Event

What Is Ruliology?

Jon Stewart – One of My Favorite People – What Now? with Trevor Noah Podcast [video]

P2P crypto exchange development company

Vocal Guide – belt sing without killing yourself

Write for Your Readers Even If They Are Agents

Knowledge-Creating LLMs

Maple Mono: Smooth your coding flow

Sid Meier's System for Real-Time Music Composition and Synthesis

Show HN: Slop News – HN front page now, but it's all slop

Show HN: Empusa – Visual debugger to catch and resume AI agent retry loops

Show HN: Bitcoin wallet on NXP SE050 secure element, Tor-only open source

White House Explores Opening Antitrust Probe on Homebuilders

Show HN: MindDraft – AI task app with smart actions and auto expense tracking

How do you estimate AI app development costs accurately?

Going Through Snowden Documents, Part 5

Show HN: MCP Server for TradeStation