From: Max Laier
To: freebsd-pf@freebsd.org
Cc: freebsd-net@freebsd.org
Date: Wed, 20 Apr 2005 01:12:30 +0200
Subject: New PF (OpenBSD 3.7 ***ALPHA-preview***)
Message-Id: <200504200112.41260.max@love2party.net>
List-Id: Technical discussion and general questions about packet filter (pf)

All,

at:
  http://people.freebsd.org/~mlaier/pf37/
you will find the first shot at the long awaited import of a new version of
pf. This is level with what is likely to be shipped as OpenBSD 3.7 and
includes *most* of the features.
Some are not yet implemented:
 - Filtering on route labels (we don't have any).
 - Return-rst on IP-less bridges (bridge support is still behind; there is
   work ongoing to improve this as well, though).
 - Congestion prevention/graceful comeback (subject to future work).

There are, however, some highlights that came with OpenBSD 3.6 and will be
coming with OpenBSD 3.7 (from the OpenBSD release notes):
 + pfctl(8) now provides a rules optimizer to help improve filtering speed.
 + pf now supports nested anchors.
 + Support limiting TCP connections by establishment rate, automatically
   adding flooding IP addresses to tables and flushing states
   (max-src-conn-rate, overload , flush global).
 + Improved functionality of tags (tag and tagged for translation rules,
   tagging of all packets matching state entries).
 + Improved diagnostics (error messages and additional counters from
   pfctl -si).
 + New keyword set skip on to skip filtering on arbitrary interfaces, like
   loopback.
 + Several bugfixes improving stability.

This import is in a very early stage and you should keep this in mind!
However, it should build and boot just fine. I have done some basic tests to
weed out the common problems seen during the last imports, but didn't do
extensive testing yet. If you are in a position where you can test this, I
am looking forward to getting your feedback!

Updates will be posted to the freebsd-pf mailing list. Thanks.

-- 
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News