From: Max Laier
Organization: FreeBSD
To: freebsd-doc@freebsd.org
Date: Tue, 3 Jul 2007 16:35:50 +0200
Subject: List of pf changes

Here is a list of significant changes to pf that came in with the import
from OpenBSD 4.1 (taken from the OpenBSD release notes):

3.8

3.9
 * ftp-proxy has been rewritten, and a tftp version, tftp-proxy, has been
   added.

4.0
 * pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for
   simplified ingress filtering.

4.1
 * The pflog(4) interface is now clonable. pf(4) can log to multiple pflog
   interfaces now, each rule can specify which pflog interface to log to.
   pflogd(8) can now be told which pflog interface to work with.
 * pfctl(8) can now expire table entries.
 * keep state is now the default for pf.conf(5) rules, as is the flags S/SA
   option on TCP connections. no state and flags any can be used to disable
   stateful filtering or TCP flags checking.
 * The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
 * pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be
   printed recursively.
 * Allow pf(4) rules inside anchors to have their counters reset, and make
   counter read & reset an atomic operation.

I'm not sure if we have a good place to document this - thus I'm sending
it here. I'd be interested in better pf documentation. Maybe we can use
a wiki page? Any help greatly appreciated!

-- 
FreeBSD Status reports due: 07/07/07 :-)

/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
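
The 4.0 and 4.1 items listed in the message above, shown as a pf.conf(5) fragment. This is an added illustration, not part of the original message or of the OpenBSD release notes; the interface name, addresses, table name and anchor name are assumptions made for the example.

```conf
# Constructed pf.conf(5) fragment illustrating the changes listed above.
# em0, 192.0.2.10, <badhosts> and the anchor name "dmz" are assumptions.

ext_if = "em0"
table <badhosts> persist

# 4.1: the pfctl(8) ruleset optimiser can be enabled from pf.conf(5).
set ruleset-optimization basic

# 4.0: uRPF check for simplified ingress filtering. Packets whose source
# address is not routable back through the receiving interface are dropped.
block in quick on $ext_if from urpf-failed

block in quick on $ext_if from <badhosts>
block log all

# 4.1: "keep state" and "flags S/SA" are now implied on pass rules.
# The two rules below are equivalent after the import:
pass in on $ext_if proto tcp from any to any port 22
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state

# A rule that relied on the old stateless default must now say so.
# Without "no state" and "flags any" this rule silently becomes stateful
# and only matches the initial SYN of a TCP connection.
pass out on $ext_if proto tcp from any to any flags any no state

# 4.1: per-rule choice of pflog(4) interface. pflog1 has to exist first
# (ifconfig pflog1 create) and needs its own reader (pflogd -i pflog1).
pass in log (to pflog1) on $ext_if proto tcp from any to any port 25

# 4.1: anchor loaded inline in the main pf.conf(5).
anchor "dmz" {
    pass in proto tcp from any to 192.0.2.10 port 80
}

# 4.1: table entries can be expired from the command line, for example
# entries older than one day:
#   pfctl -t badhosts -T expire 86400
```

When reviewing a ruleset written for the older pf, the rules to check first are the ones with no explicit state or flags keyword, since those are the ones whose behaviour changes with the new defaults.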