Date: Sun, 15 May 2005 02:02:47 +0900 (JST) From: Hideki Yamamoto <yamamoto436@oki.com> To: max@love2party.net Cc: freebsd-pf@freebsd.org Subject: Re: New PF (OpenBSD 3.7 ***ALPHA-preview***) Message-ID: <20050515.020247.104108009.yamamoto436@oki.com> In-Reply-To: <200504200112.41260.max@love2party.net> References: <200504200112.41260.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Dear Mr. Max; Thank you for your efforts!! I am expecting full bridge function on FreeBSD 5 as OpenBSD 3.5 or later. Last year, I have tested FreeBSD, NetBSD, and OpenBSD to bridge IPv6 packet over IPv4 tunnel with bridge. Though only OpenBSD supported the above function, it is not stable. Kernel panic happens wheneve we type reboot command, or booting process sometimes stop when chekecking USB devices. I hope FreeBSD pf porting supports full function of bridge. Thanks in advance. From: Max Laier <max@love2party.net> Subject: New PF (OpenBSD 3.7 ***ALPHA-preview***) Date: Wed, 20 Apr 2005 01:12:30 +0200 Message-ID: <200504200112.41260.max@love2party.net> > All, > > at: > http://people.freebsd.org/~mlaier/pf37/ > > you will find the first shot at the long awaited import of a new version of > pf. This is level with what is likely to be shipped as OpenBSD 3.7 and > includes *most* of the features. Some are not yet implemented: > > - Filtering on route labels (we don't have any). > - Return-rst on IP-less bridges (bridge support is still behind; There is > work ongoing to improve this as well, though.). > - Congestion prevention/graceful comeback (subject to future work). > > There are, however, some hightlights that came with OpenBSD 3.6 and will be > coming with OpenBSD 3.7 (from the OpenBSD release notes): > > + pfctl(8) now provides a rules optimizer to help improve filtering speed. > + pf, now supports nested anchors. > + Support limiting TCP connections by establishment rate, automatically > adding flooding IP addresses to tables and flushing states > (max-src-conn-rate, overload <table>, flush global). > + Improved functionality of tags (tag and tagged for translation rules, > tagging of all packets matching state entries). > + Improved diagnostics (error messages and additional counters from > pfctl -si). > + New keyword set skip on to skip filtering on arbitrary interfaces, like > loopback. > + Several bugfixes improving stability. > > This import is in a very early stage and you should keep this in mind! > > However, it should build and boot just fine. I have done some basic tests to > weed out the common problems seen during the last imports, but didn't do > extensive testing yet. If you are in a position where you can test this, I > am looking forward to getting your feedback! > > Updates will be posted to the freebsd-pf mailing list. Thanks. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News ----------------------------------------------------------------- Hideki YAMAMOTO | Broadband Media Solutions Department | E-mail: yamamoto436@oki.com Broadband Media Company | Tel: +81-48-420-7012 Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050515.020247.104108009.yamamoto436>