Date:      Wed, 04 May 2005 08:35:44 +0800
From:      sam <sam.wun@tech-21.com.hk>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: HEADSUP: pf import [done]
Message-ID:  <427818E0.2070702@tech-21.com.hk>
In-Reply-To: <200505031954.13739.max@love2party.net>
References:  <200505031604.21311.max@love2party.net> <200505031954.13739.max@love2party.net>

Max Laier wrote:

>All,
>
>the import went through smoothly and you should be able to get it from a 
>cvs(up) server near you by now.  Some general, random notes:
>
>1) Anchor syntax changed
>| Users of authpf(8) must change their anchor rule in the main ruleset from 
>|   anchor authpf
>| to 
>|   anchor "authpf/*"
>
>2) pfsync takes syncdev instead of syncif: When configuring the pfsync device, 
>use 'syncdev' instead of the deprecated keyword 'syncif'. 
>3) authpf(8) needs a mounted fdescfs(5)
>4) synproxy no longer works on outgoing rules (it never should have)
>5) The code has been tested, but there is always a chance that some bugs 
>remain unfound.  If you spot anything, please let me know.
>
>Features that are in OpenBSD, but not yet in FreeBSD:
> - Filtering on route labels (we don't have any).
> - Return-rst on IP-less bridges (bridge support is still behind; there is 
>   work ongoing to improve this as well, though).
> - Congestion prevention/graceful comeback (subject to future work).
>
>New features (from the OpenBSD release announcements):
> + pfctl(8) now provides a rules optimizer to help improve filtering speed.
> + pf now supports nested anchors.
> + Support limiting TCP connections by establishment rate, automatically 
>   adding flooding IP addresses to tables and flushing states 
>   (max-src-conn-rate, overload <table>, flush global).
> + Improved functionality of tags (tag and tagged for translation rules, 
>   tagging of all packets matching state entries).
> + Improved diagnostics (error messages and additional counters from 
>   pfctl -si).
> + New keyword set skip on to skip filtering on arbitrary interfaces, like 
>   loopback. 
> + Several bugfixes improving stability.
>
>  
>
Is the new import included in 5.4 Release?

Sam
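
Notes 1, 2 and 4 of the quoted announcement can be checked mechanically before upgrading. The script below is an added example, not part of the original e-mail or of the FreeBSD/pf sources; the names `CHECKS`, `logical_lines`, `audit` and the sample text are constructed for illustration.

```python
import re

# One pattern per incompatible change named in the announcement (notes 1, 2, 4).
CHECKS = [
    ("anchor-syntax", re.compile(r'\banchor\s+"?authpf\b"?(?!/)'),
     'authpf anchor must now be written as: anchor "authpf/*"'),
    ("syncif", re.compile(r'\bsyncif\b'),
     "pfsync keyword 'syncif' is deprecated, use 'syncdev'"),
    ("synproxy-out", re.compile(r'^\s*pass\s+out\b.*\bsynproxy\s+state\b'),
     "synproxy no longer works on outgoing rules"),
]

def logical_lines(text):
    """Yield (first_line_number, rule) with '#' comments stripped and
    backslash-continued lines joined into one rule."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None
    if buf.strip():  # file ended in the middle of a continued rule
        yield start, buf

def audit(text):
    """Return [(line_number, check_name, message)] for every finding."""
    return [(n, name, msg) for n, rule in logical_lines(text)
            for name, rx, msg in CHECKS if rx.search(rule)]

# Constructed sample: pre-import rules plus one pfsync command line.
SAMPLE = '''\
# constructed pre-import configuration
ext_if = "em0"
anchor authpf
anchor "authpf/*"
pass out on $ext_if proto tcp to any port 80 \\
    flags S/SA synproxy state
pass in on $ext_if proto tcp to port 22 synproxy state
ifconfig pfsync0 syncif em1   # constructed command, shown here for brevity
'''

if __name__ == "__main__":
    for n, name, msg in audit(SAMPLE):
        print(f"line {n}: [{name}] {msg}")
```

Rules without an explicit direction and rules built from macros are not evaluated by this check, so a clean result still needs a `pfctl -nf` parse of the ruleset on the upgraded system.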