Date: Thu, 16 Sep 2004 04:05:34 -0000 From: Max Laier <max@love2party.net> To: current@freebsd.org Cc: pf4freebsd@freelists.org Subject: [pf4freebsd] HEADSUP: Import of pf from OpenBSD 3.5 Message-ID: <200406170038.59657.max@love2party.net>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
All,
I will be importing a new version of pf in the next hour. This is long due and
really well-tested. However, the first step will bring in OPENBSD_3_5_BASE
(i.e. the release version, not the STABLE branch). We will catch up on
-STABLE soon thereafter. Just FYI, better wait a bit before you re-build
world to get the new stuff.
The import will enable us to test ALTQ very easily and help in deploying
driver changes.
The OpenBSD release notes say:
"+ A large number of bug fixes, changes, and optimizations to our packet
filter pf(4) including:
- Atomic commits of ruleset changes (reduce the chance of ending up in an
inconsistent state).
- A 30% reduction in the size of state table entries.
- Source-tracking (limit number of clients and states per client).
- Sticky-address (the flexibility of round-robin with the benefits of
source-hash).
- Invert the socket match order when redirecting to localhost (prevents the
potential security problem of remote connections being identified as
local).
- Significant improvements to interface handling."
--
Best regards, | mlaier@freebsd.org
Max Laier | ICQ #67774661
http://pf4freebsd.love2party.net/ | mlaier@EFnet
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBA0MwDXyyEoT62BG0RAssYAJsH4IqYeaD8W284aWvUAsSSpSrCeACfbevv
JkCbFHon8vBOKElruVaP9SQ=
=Fooa
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406170038.59657.max>