Date: Tue, 3 Jul 2007 16:35:50 +0200 From: Max Laier <max@love2party.net> To: freebsd-doc@freebsd.org Subject: List of pf changes Message-ID: <200707031635.56471.max@love2party.net>
next in thread | raw e-mail | index | archive | help
--nextPart1773231.OGSZeGI1A9 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Here is a list of significant changes to pf that came in with the import=20 from OpenBSD 4.1 (taken from the OpenBSD release notes): 3.8 3.9 * ftp-proxy has been rewritten, and a tftp version, tftp-proxy, has been=20 added. 4.0 * pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for=20 simplified ingress filtering. 4.1 * The pflog(4) interface is now clonable. pf(4) can log to multiple pflog=20 interfaces now, each rule can specify which pflog interface to log to.=20 pflogd(8) can now be told which pflog interface to work with. * pfctl(8) can now expire table entries. * keep state is now the default for pf.conf(5) rules, as is the flags S/SA= =20 option on TCP connections. no state and flags any can be used to disable= =20 stateful filtering or TCP flags checking. * The pfctl(8) ruleset optimiser can be enabled in pf.conf(5). * pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be= =20 printed recursively. * Allow pf(4) rules inside anchors to have their counters reset, and make=20 counter read & reset an atomic operation. I'm not sure if we have a good place to document this - thus I'm sending=20 it here. I'd be interested in better pf documentation. Maybe we can use=20 a wiki page? Any help greatly appreciated! =2D-=20 =46reeBSD Status reports due: 07/07/07 :-) /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1773231.OGSZeGI1A9 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQBGil7MXyyEoT62BG0RAvGSAJ9U62R4UnEdEwffgNQcvfHOhafgSQCfTqkD TSRf7P7ONoUX3vmKjr/6+IU= =p1cX -----END PGP SIGNATURE----- --nextPart1773231.OGSZeGI1A9--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707031635.56471.max>