From: Max Laier
To: freebsd-current@freebsd.org
Cc: freebsd-pf@freebsd.org
Date: Tue, 3 May 2005 19:54:07 +0200
Subject: HEADSUP: pf import [done]

All,

the import went through smoothly and you should be able to get it from a
cvs(up) server near you by now.

Some general, random notes:

1) Anchor syntax changed
 | Users of authpf(8) must change their anchor rule in the main ruleset from
 |   anchor authpf
 | to
 |   anchor "authpf/*"
2) pfsync takes syncdev instead of syncif: When configuring the pfsync device,
   use 'syncdev' instead of the deprecated keyword 'syncif'.
3) authpf(8) needs a mounted fdescfs(5)
4) synproxy no longer works on outgoing rules (it never should have)
5) The code has been tested, but there is always a chance that some bugs
   remain unfound. If you spot anything, please let me know.

Features that are in OpenBSD, but not yet in FreeBSD:
 - Filtering on route labels (we don't have any).
 - Return-rst on IP-less bridges (bridge support is still behind; there is
   work ongoing to improve this as well, though.).
 - Congestion prevention/graceful comeback (subject to future work).

New features (from the OpenBSD release announcements):
 + pfctl(8) now provides a rules optimizer to help improve filtering speed.
 + pf now supports nested anchors.
 + Support limiting TCP connections by establishment rate, automatically
   adding flooding IP addresses to tables and flushing states
   (max-src-conn-rate, overload , flush global).
 + Improved functionality of tags (tag and tagged for translation rules,
   tagging of all packets matching state entries).
 + Improved diagnostics (error messages and additional counters from
   pfctl -si).
 + New keyword set skip on to skip filtering on arbitrary interfaces, like
   loopback.
 + Several bugfixes improving stability.

--
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
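
As an added example (not part of the original message and not FreeBSD or pf project code), the following lint flags the three configuration changes from notes 1, 2 and 4 above in existing config text. The sample input is constructed, the function name `lint` is hypothetical, and the checks are line-based heuristics that only catch synproxy rules with an explicit `out` direction.

```python
import re

# Constructed sample: a pre-import pf.conf fragment plus a pfsync ifconfig line.
SAMPLE = '''\
# main ruleset
anchor authpf
anchor "authpf/*"
pass out on em0 proto tcp to any port 80 flags S/SA synproxy state
pass in on em0 proto tcp to any port 22 flags S/SA synproxy state
ifconfig pfsync0 syncif em1 up
'''

# (pattern, message) pairs, one per note in the announcement.
CHECKS = [
    # Note 1: bare authpf anchor, quoted or not, without the "/*" suffix.
    (re.compile(r'^\s*anchor\s+"?authpf"?\s*$'),
     'authpf anchor must now be written as: anchor "authpf/*"'),
    # Note 2: deprecated pfsync keyword.
    (re.compile(r'\bsyncif\b'),
     "pfsync: 'syncif' is deprecated, use 'syncdev'"),
    # Note 4: synproxy on a rule with an explicit outgoing direction.
    # Rules with no direction keyword are not examined by this heuristic.
    (re.compile(r'^\s*pass\s+out\b.*\bsynproxy\s+state\b'),
     'synproxy no longer works on outgoing rules'),
]


def lint(text):
    """Return a list of (line_number, message) for lines needing a change."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0]  # ignore comments
        for pattern, message in CHECKS:
            if pattern.search(line):
                findings.append((lineno, message))
    return findings


if __name__ == '__main__':
    for lineno, message in lint(SAMPLE):
        print(f'line {lineno}: {message}')
```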