From owner-freebsd-net@FreeBSD.ORG Sat May 14 17:02:52 2005 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 24EC116A4CE for ; Sat, 14 May 2005 17:02:52 +0000 (GMT) Received: from iscan1.intra.oki.co.jp (okigate.oki.co.jp [202.226.91.194]) by mx1.FreeBSD.org (Postfix) with ESMTP id DABED43D6E for ; Sat, 14 May 2005 17:02:49 +0000 (GMT) (envelope-from yamamoto436@oki.com) Received: from aoi.bmc.oki.co.jp (localhost.localdomain [127.0.0.1]) by iscan1.intra.oki.co.jp (8.9.3/8.9.3) with SMTP id CAA22517 for ; Sun, 15 May 2005 02:02:48 +0900 Received: (qmail 8186 invoked from network); 15 May 2005 02:02:48 +0900 Received: from tulip.bmc.oki.co.jp (172.19.234.100) by aoi.bmc.oki.co.jp with SMTP; 15 May 2005 02:02:48 +0900 Received: from localhost (tulip [172.19.234.100]) by tulip.bmc.oki.co.jp (8.13.1/8.12.11) with ESMTP id j4EH2lJo013119; Sun, 15 May 2005 02:02:48 +0900 (JST) (envelope-from yamamoto436@oki.com) Date: Sun, 15 May 2005 02:02:47 +0900 (JST) Message-Id: <20050515.020247.104108009.yamamoto436@oki.com> To: max@love2party.net From: Hideki Yamamoto In-Reply-To: <200504200112.41260.max@love2party.net> References: <200504200112.41260.max@love2party.net> X-Mailer: Mew version 3.3 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: freebsd-net@freebsd.org cc: freebsd-pf@freebsd.org Subject: Re: New PF (OpenBSD 3.7 ***ALPHA-preview***) X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2005 17:02:52 -0000 Dear Mr. Max; Thank you for your efforts!! I am expecting full bridge function on FreeBSD 5 as OpenBSD 3.5 or later. Last year, I have tested FreeBSD, NetBSD, and OpenBSD to bridge IPv6 packet over IPv4 tunnel with bridge. Though only OpenBSD supported the above function, it is not stable. Kernel panic happens wheneve we type reboot command, or booting process sometimes stop when chekecking USB devices. I hope FreeBSD pf porting supports full function of bridge. Thanks in advance. From: Max Laier Subject: New PF (OpenBSD 3.7 ***ALPHA-preview***) Date: Wed, 20 Apr 2005 01:12:30 +0200 Message-ID: <200504200112.41260.max@love2party.net> > All, > > at: > http://people.freebsd.org/~mlaier/pf37/ > > you will find the first shot at the long awaited import of a new version of > pf. This is level with what is likely to be shipped as OpenBSD 3.7 and > includes *most* of the features. Some are not yet implemented: > > - Filtering on route labels (we don't have any). > - Return-rst on IP-less bridges (bridge support is still behind; There is > work ongoing to improve this as well, though.). > - Congestion prevention/graceful comeback (subject to future work). > > There are, however, some hightlights that came with OpenBSD 3.6 and will be > coming with OpenBSD 3.7 (from the OpenBSD release notes): > > + pfctl(8) now provides a rules optimizer to help improve filtering speed. > + pf, now supports nested anchors. > + Support limiting TCP connections by establishment rate, automatically > adding flooding IP addresses to tables and flushing states > (max-src-conn-rate, overload , flush global). > + Improved functionality of tags (tag and tagged for translation rules, > tagging of all packets matching state entries). > + Improved diagnostics (error messages and additional counters from > pfctl -si). > + New keyword set skip on to skip filtering on arbitrary interfaces, like > loopback. > + Several bugfixes improving stability. > > This import is in a very early stage and you should keep this in mind! > > However, it should build and boot just fine. I have done some basic tests to > weed out the common problems seen during the last imports, but didn't do > extensive testing yet. If you are in a position where you can test this, I > am looking forward to getting your feedback! > > Updates will be posted to the freebsd-pf mailing list. Thanks. > > -- > /"\ Best regards, | mlaier@freebsd.org > \ / Max Laier | ICQ #67774661 > X http://pf4freebsd.love2party.net/ | mlaier@EFnet > / \ ASCII Ribbon Campaign | Against HTML Mail and News ----------------------------------------------------------------- Hideki YAMAMOTO | Broadband Media Solutions Department | E-mail: yamamoto436@oki.com Broadband Media Company | Tel: +81-48-420-7012 Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016