Date: Thu, 21 Apr 2005 09:57:21 -0500 From: Nick Buraglio <nick@buraglio.com> To: Max Laier <max@love2party.net> Cc: freebsd-pf@freebsd.org Subject: Re: New PF (OpenBSD 3.7 ***ALPHA-preview***) Message-ID: <06b13c2cd4e3aa5a9ad412f3170e00ca@buraglio.com> In-Reply-To: <200504200112.41260.max@love2party.net> References: <200504200112.41260.max@love2party.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I was just digging for some info on the newer features and when they'd be available in freebsd. I'll get this on a testing box asap. The effort is greatly appreciated. ------------ - Nick Buraglio, Network Engineer, NCSA - Phone: 217.244.6428 - GnuPG Key: 0x2E5B44F4 ------------ On Apr 19, 2005, at 6:12 PM, Max Laier wrote: > All, > > at: > http://people.freebsd.org/~mlaier/pf37/ > > you will find the first shot at the long awaited import of a new > version of > pf. This is level with what is likely to be shipped as OpenBSD 3.7 and > includes *most* of the features. Some are not yet implemented: > > - Filtering on route labels (we don't have any). > - Return-rst on IP-less bridges (bridge support is still behind; > There is > work ongoing to improve this as well, though.). > - Congestion prevention/graceful comeback (subject to future work). > > There are, however, some hightlights that came with OpenBSD 3.6 and > will be > coming with OpenBSD 3.7 (from the OpenBSD release notes): > > + pfctl(8) now provides a rules optimizer to help improve filtering > speed. > + pf, now supports nested anchors. > + Support limiting TCP connections by establishment rate, > automatically > adding flooding IP addresses to tables and flushing states > (max-src-conn-rate, overload <table>, flush global). > + Improved functionality of tags (tag and tagged for translation > rules, > tagging of all packets matching state entries). > + Improved diagnostics (error messages and additional counters from > pfctl -si). > + New keyword set skip on to skip filtering on arbitrary interfaces, > like > loopback. > + Several bugfixes improving stability. > > This import is in a very early stage and you should keep this in mind! > > However, it should build and boot just fine. I have done some basic > tests to > weed out the common problems seen during the last imports, but didn't > do > extensive testing yet. If you are in a position where you can test > this, I > am looking forward to getting your feedback! > > Updates will be posted to the freebsd-pf mailing list. Thanks. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?06b13c2cd4e3aa5a9ad412f3170e00ca>