Date: Wed, 23 Apr 2003 11:16:19 +0200 From: Christian Brueffer <chris@unixpages.org> To: current@freebsd.org Subject: New PF on FreeBSD snapshot available Message-ID: <20030423091619.GA26749@unixpages.org>
next in thread | raw e-mail | index | archive | help
--vkogqOf2sHV7VnPd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi, I'm sending this on behalf of Pyun YongHyeon <yonagri@kt-is.co.kr> (he can't send messages to the lists himself for some reason). --------------- PF on FreeBSD 5.X URL: http://pf4freebsd.love2party.net/index.html Contact: Pyun YongHyeon <yonagri@kt-is.co.kr> Contact: Max Laier <max@love2party.net> We are very pleased to announce that a new release is available for download at http://pf4freebsd.love2party.net/pf_freebsd_0.61.tar.gz. Since the first release of PF at the end of March 2003, PF has undergone several major updates such as -current and ALTQ support. We also have removed bugs in IPv6, module handling and table support code. We believe the current version 0.61 is very close to production use. PF on FreeBSD provides nearly the same features as OpenBSD PF does, except some minor differences. (Probably we can mimic this missing behaviour if kernel sources could be modified.) Now, users on FreeBSD can choose the most appropriate filtering software with regard to his/her taste or policy among PF, ipfw and ipfilter. For those who are not familiar with PF, PF supports the following features over ipfw. . built-in variable expansion . built-in NAT and preventing NAT detection . table (a kind of very large blocks of address) support . packet normalization . state modulation . powerful state tracking . automatic rule optimization . queueing with ALTQ . load balancing with multiple routes PF on FreeBSD supports FreeBSD 5 and -current systems. Because ALTQ on FreeBSD is still experimental at this time, PF's ALTQ support is somewhat limited to a small set of network drivers. With ALTQ enabled PF, you can get amazing performance with "prioritizing empty acks" on ADSL connections. Due to ALTQ network driver lacking support network interfaces such as ppp or netgraph nodes at this time, this can only be achieved on a system which uses a transparent xDSL connection. (A system that uses transparent xDSL is not aware of the existence of xDSL. So this system does not use ppp or mpd at all. This system uses a static IP address and configures its network as if the connection comes from normal T1/E1 lines. I don't know any other countries which support this kind of service except Korea.) If FreeBSD merges code from ALTQ, PF would be the most preferrable packet filter. PF on FreeBSD can be configured not to use ALTQ too. -------------- - Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --vkogqOf2sHV7VnPd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+plnjbHYXjKDtmC0RAv59AKCL6pG2/wMjFrDmC7nfbmJPvi/WwgCg1PyP XHAEyrmP9g2ZfyhdFC9rDZQ= =wKaV -----END PGP SIGNATURE----- --vkogqOf2sHV7VnPd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030423091619.GA26749>