OpenBSD pf Firewall Patch Proposes Making af-to IPv4/IPv6 Translation Less Magical
By defrost
Summary
The article discusses a proposed patch for OpenBSD's pf firewall to make the af-to option less 'magical' and more explicit. The af-to option handles IPv4 to IPv6 address family translation, but has been considered awkward by some developers. David Gwynne is proposing changes to make the functionality more transparent and less reliant on implicit behavior, continuing OpenBSD's tradition of making complex networking features more understandable and maintainable.
Key quotes
Seasoned networkers will know to tell you that legacy IPv4 and modern IPv6 are, in fact, not directly compatible, and shipping traffic between IPv4 and IPv6 networks requires address family translation.
On our favorite operating system and its siblings, that special case has been handled via the af-to option and special case rules since back in the OpenBSD 5.1 days.
But that special case has always felt a bit awkward to some, and now David Gwynne (dlg@) is airing a patch on tech@ with a view to making af-to less magical.
