CLI Tool to Convert Openbsd Packet Filter Config Files to JSON and Vice Versa

Posted3 months agoActive3 months ago

fork-bomber

47 points

14 comments

github.comTechstory

supportivepositive

Debate

20/100

OpenbsdPacket FilterJSON Conversion

Key topics

Openbsd

Packet Filter

JSON Conversion

A CLI tool for converting OpenBSD Packet Filter config files to JSON and vice versa was shared, sparking discussion on its utility and potential applications.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

Peak period

Day 3

Avg / period

4.7

Comment distribution14 data points

Loading chart...

Based on 14 loaded comments

Key moments

01Story posted
Oct 3, 2025 at 2:01 PM EDT
3 months ago
Step 01
02First comment
Oct 6, 2025 at 10:23 AM EDT
3d after posting
Step 02
03Peak activity
10 comments in Day 3
Hottest window of the conversation
Step 03
04Latest activity
Oct 13, 2025 at 6:59 AM EDT
3 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (14 comments)

Showing 14 comments

djoldman

3 months ago

2 replies

Total aside, but I LOVE that it's written in a non-top10 language without the "in [language]" comment.

hnlmorg

3 months ago

1 reply

For some reason I was under the impression that V (Vlang) was vaporware. Nice to see something built in it.

baranul

3 months ago

That "impression" most likely comes from purposeful propaganda that originates from competitors of V (Vlang). It's a really twisted and foul story of how they tried to suppress the language. ZeQLplus, Papyrus Compiler, Lilly Editor[1][2] (author, Tauraamui, did a recent video interview), etc... Are among many examples of fun useful apps that people write in Vlang all of the time, with various ones being in existence for years.

[1]: https://www.youtube.com/watch?v=MvFHT0N9inw (Just Try Out New Languages - part of a longer interview)

[2]: https://news.ycombinator.com/item?id=43462676 (TUI editor and Vim/Neovim alternative)

[3]: https://github.com/vlang/awesome-v

SoftTalker

3 months ago

Is that the reason this is being upvoted? Otherwise what is the purpose of converting pf.conf to JSON?

gh02t

3 months ago

1 reply

So asking a real question not being sarcastic and having only dabbled with OpenBSD's pf, what is the use for this? The examples seem to point to using it for backups, but what does json give you versus just backing up the file directly? Is it to make manipulating pf config files programmatically easier?

intothemild

3 months ago

1 reply

No. You're not being sarcastic here. PFs config files can't really be any more complicated or easier in json than in its native form.

So, other than validation or something... Which, if you are already parsing the file into json and back again... Means you already can parse pf.conf files, and just do validation directly there.

So if it's just backing up, then yeah why add the extra step of converting the file before backing it up

hnlmorg

3 months ago

I assumed it was to make it easier working with the files programmatically. Eg using jq or one of the many many other solutions for JSON in shell scripts.

mrweasel

3 months ago

1 reply

Neat, but why? I could see this being handy if the pf language was changed and this tool could covert between the old and new configuration. I believe pf have been substantially updated in the past and I don't recall there being a conversion tool.

SoftTalker

3 months ago

2 replies

I'm not affiliated with the project but I believe the chance of OpenBSD adopting JSON as a config file format are approximately zero, to whatever degree of precision you might choose.

grapesodaaaaa

3 months ago

The pf language is also shockingly readable for a firewall config

mrweasel

3 months ago

Sounds about right, but they also don't need to, all the OpenBSD specific configuration is mostly done in the same manor, meaning that if you know PF, then the configuration language for httpd, relayd or OpenSMTPd isn't all that foreign to you.

JSON is generally a pretty poor configuration language, so I wouldn't hope that it would be adopted.

sedawkgrep

3 months ago

2 replies

Ok, lots of questions around 'why' and no answers, so let me take a stab.

I suspect that the purpose of this is to be able to ingest pf.conf files into a larger security tool. Something like an NDR/XDR/SOAR, or perhaps Splunk.

SecOps wants to know what the existing policies are (for compliance and validation), and to orchestrate enforcement when an IoC (or whatever) prompts investigation and action. Getting the format into JSON opens up the whole landscape for integration into existing tooling.

accrual

3 months ago

Nice, that's a reasonable use case. I've been working on centralizing my home lab config and this tool could help bring pf.conf in/out of a central JSON config. Mine already handles static DHCP leases, local hostnames, certificates, etc.

whydoyoucare

3 months ago

That was my first gut instinct too. Good to know I am not alone. :)

View full discussion on Hacker News

ID: 45465821Type: storyLast synced: 11/20/2025, 2:36:48 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN