Sunday, January 30, 2011

I will not mindlessly paste from HOWTOs

Even with proper discouragement, mindless pasting is rampant, it seems

It had to happen sooner or later.

My incoming mail this morning had one item about what I thought was a fairly trivial misconfiguration, and I answered it like this:

From: peter@bsdly.net (Peter N. M. Hansteen)
Subject: Re: interesting-traffic
To: Name Withheld <Name.Withheld@gmail.com>
Cc: peter@bsdly.net
Date: Sun, 30 Jan 2011 12:44:35 +0100

Name Withheld <Name.Withheld@gmail.com> writes:

> how should i handle the 'intersting-traffic macro not defined' error
> in pf.conf on obsd 4.8 reboot syntax error starting pf?

either define the macro (remove a # comment perhaps) or remove any
references to it. Have you been pasting from a partial example
floating around the web perhaps?

- P


Then a few sips of coffee later, it dawned on me: the macro interesting-traffic is more than likely one I made up for the bridge example in the short (and now rarely updated) version of my PF tutorial document. (I added the strongly worded note there as a reaction to this incident).

So it's at least partly my fault. I put an incomplete example out there, hoping that whoever stumbled upon the material would grasp the context and fill in any needed details. The important bits are all there, but when pasted into a config without checking, the result will be just as Name Withheld experienced.

But then I can't really take the full blame: Had he bothered to read the rest of the document or even the book that's a further development, he would have seen this admonition which comes out even more clearly in the slides version. If for some reason the links are inoperative, here it is:


The Pledge of the Network Admin

This is my network.

It is mine
or technically my employer's,
it is my responsibility
and I care for it with all my heart

there are many other networks a lot like mine,

but none are just like it.

I solemnly swear

that I will not mindlessly paste from HOWTOs.


I actually recite that at the very beginning of all my tutorial sessions, and while of course it's sometimes accompanied by giggles, the point remains: there is no substitute for actually understanding your configuration. Testing (if nothing else, a quick sudo pfctl -vnf /etc/pf.conf and reading the output before rebooting) would have helped enormously too.
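An added illustration, not part of the original post or the tutorial: a small pre-flight check that flags any macro referenced without an earlier definition, then hands the file to pfctl's parse-only mode where pfctl is installed. The sample ruleset, the macro name tcp_services and the function names are constructed for the example; run it with the same privileges you would use for pfctl.

```shell
#!/bin/sh
# Assumptions: macro names are letters, digits and underscores, and a macro
# must be defined above the first line that references it.

# Print LINE:NAME for each $macro referenced without an earlier definition.
undefined_macros() {
    awk '
    {
        line = $0
        gsub(/"[^"]*"/, "", line)   # macros are not expanded inside quotes
        sub(/#.*/, "", line)        # drop comments
        name = ""
        if (match(line, /^[ \t]*[A-Za-z0-9_]+[ \t]*=/)) {
            name = substr(line, RSTART, RLENGTH)
            gsub(/[ \t=]/, "", name)
        }
        rest = line
        while (match(rest, /[$][A-Za-z0-9_]+/)) {
            ref = substr(rest, RSTART + 1, RLENGTH - 1)
            if (!(ref in defined)) print NR ":" ref
            rest = substr(rest, RSTART + RLENGTH)
        }
        if (name != "") defined[name] = 1
    }' "$1"
}

# Macro check first, then the real parser where pfctl exists.
preflight() {
    missing=$(undefined_macros "$1")
    if [ -n "$missing" ]; then
        echo "undefined macros (line:name) in $1:" >&2
        echo "$missing" >&2
        return 1
    fi
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -nf "$1" || return 1   # -n parses only, nothing is loaded
    fi
}

# Constructed sample: a pasted fragment whose macro definition is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ext_if = "em0"
# tcp_services = "{ ssh, smtp, www }"
block all
pass in on $ext_if proto tcp to port $tcp_services
EOF
preflight "$sample" || echo "fix the ruleset before loading it"
rm -f "$sample"
```

The text scan is only a quick first pass; pfctl's own parser remains the authority on whether the ruleset will load.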



For those hungry for fresh PF tutorials, I'll jump the gun and announce that there will be one by yours truly at AsiaBSDCon 2011, final schedule to appear on that URL shortly. A few other events are in the works too, more details here and at the PF tutorial page when details are settled.
