Date:      Tue, 3 May 2005 19:54:07 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-current@freebsd.org
Cc:        freebsd-pf@freebsd.org
Subject:   HEADSUP: pf import [done]
Message-ID:  <200505031954.13739.max@love2party.net>
In-Reply-To: <200505031604.21311.max@love2party.net>
References:  <200505031604.21311.max@love2party.net>

All,

the import went through smoothly and you should be able to get it from a
cvs(up) server near you by now.  Some general, random notes:

1) Anchor syntax changed
| Users of authpf(8) must change their anchor rule in the main ruleset from
|   anchor authpf
| to
|   anchor "authpf/*"

2) pfsync takes syncdev instead of syncif: When configuring the pfsync device,
use 'syncdev' instead of the deprecated keyword 'syncif'.
3) authpf(8) needs a mounted fdescfs(5)
4) synproxy no longer works on outgoing rules (it never should have)
5) The code has been tested, but there is always a chance that some bugs
remain unfound.  If you spot anything, please let me know.

Features that are in OpenBSD, but not yet in FreeBSD:
 - Filtering on route labels (we don't have any).
 - Return-rst on IP-less bridges (bridge support is still behind; there is
   work ongoing to improve this as well, though).
 - Congestion prevention/graceful comeback (subject to future work).

New features (from the OpenBSD release announcements):
 + pfctl(8) now provides a rules optimizer to help improve filtering speed.
 + pf now supports nested anchors.
 + Support limiting TCP connections by establishment rate, automatically
   adding flooding IP addresses to tables and flushing states
   (max-src-conn-rate, overload <table>, flush global).
 + Improved functionality of tags (tag and tagged for translation rules,
   tagging of all packets matching state entries).
 + Improved diagnostics (error messages and additional counters from
   pfctl -si).
 + New keyword set skip on to skip filtering on arbitrary interfaces, like
   loopback.
 + Several bugfixes improving stability.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
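
An added example, not part of the original message or of FreeBSD's code: a small Python lint that flags the constructs the message above says changed with the import (the old authpf anchor form, 'syncif', synproxy on explicitly outgoing rules, and authpf without an fdescfs entry). The function name `lint`, the simplified regexes, the fstab heuristic and the sample lines are assumptions of this example.

```python
import re

# Patterns are a simplified reading of pf.conf/ifconfig syntax (assumption of
# this example), covering only the changes listed in the message above.
RULES = [
    ("anchor", re.compile(r'^\s*anchor\s+"?authpf"?\s*$'),
     'authpf anchor must now be written as: anchor "authpf/*"'),
    ("syncif", re.compile(r'\bpfsync\w*\b.*\bsyncif\b'),
     "pfsync: 'syncif' is deprecated, use 'syncdev'"),
    ("synproxy", re.compile(r'^\s*pass\s+out\b.*\bsynproxy\s+state\b'),
     "synproxy no longer works on outgoing rules"),
]
USES_AUTHPF = re.compile(r'^\s*anchor\s+"?authpf\b')


def strip_comment(line):
    """Drop a trailing # comment (a # inside quotes is not handled)."""
    return line.split("#", 1)[0].rstrip()


def lint(config_text, fstab_text=""):
    """Return [(line_no, rule_id, message)] for constructs affected by the import."""
    findings, uses_authpf = [], False
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = strip_comment(raw)
        if USES_AUTHPF.search(line):
            uses_authpf = True
        for rule_id, pattern, message in RULES:
            if pattern.search(line):
                findings.append((no, rule_id, message))
    # authpf(8) needs fdescfs(5); an fstab entry is one sign that it gets mounted.
    has_fdescfs = any(strip_comment(l).split()[:1] == ["fdescfs"]
                      for l in fstab_text.splitlines())
    if uses_authpf and not has_fdescfs:
        findings.append((0, "fdescfs", "authpf in use but no fdescfs entry in fstab"))
    return findings


# Constructed sample: pf.conf rules plus one pfsync ifconfig line, not from a real host.
SAMPLE = """\
anchor authpf            # old form
pass out on em0 proto tcp to any port 80 flags S/SA synproxy state
pass in on em0 proto tcp to any port 22 flags S/SA synproxy state
ifconfig pfsync0 syncif em1 up
"""

if __name__ == "__main__":
    for no, rule_id, message in lint(SAMPLE):
        print(f"line {no}: [{rule_id}] {message}")
```

Rules without an explicit direction are not flagged by the synproxy check, so review those by hand.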



