Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 Apr 2005 01:12:30 +0200
From:      Max Laier <max@love2party.net>
To:        freebsd-pf@freebsd.org
Cc:        freebsd-net@freebsd.org
Subject:   New PF (OpenBSD 3.7 ***ALPHA-preview***)
Message-ID:  <200504200112.41260.max@love2party.net>
next in thread | raw e-mail | index | archive | help 
--nextPart6834756.50gp7hMCWt
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

All,

at:
    http://people.freebsd.org/~mlaier/pf37/

you will find the first shot at the long awaited import of a new version of=
=20
pf.  This is level with what is likely to be shipped as OpenBSD 3.7 and=20
includes *most* of the features.  Some are not yet implemented:

 - Filtering on route labels (we don't have any).
 - Return-rst on IP-less bridges (bridge support is still behind; There is=
=20
   work ongoing to improve this as well, though.).
 - Congestion prevention/graceful comeback (subject to future work).

There are, however, some hightlights that came with OpenBSD 3.6 and will be=
=20
coming with OpenBSD 3.7 (from the OpenBSD release notes):

 + pfctl(8) now provides a rules optimizer to help improve filtering speed.
 + pf, now supports nested anchors.
 + Support limiting TCP connections by establishment rate, automatically=20
   adding flooding IP addresses to tables and flushing states=20
   (max-src-conn-rate, overload <table>, flush global).
 + Improved functionality of tags (tag and tagged for translation rules,=20
   tagging of all packets matching state entries).
 + Improved diagnostics (error messages and additional counters from=20
   pfctl -si).
 + New keyword set skip on to skip filtering on arbitrary interfaces, like=
=20
   loopback.=20
 + Several bugfixes improving stability.

This import is in a very early stage and you should keep this in mind!=20

However, it should build and boot just fine.  I have done some basic tests =
to=20
weed out the common problems seen during the last imports, but didn't do=20
extensive testing yet.  If you are in a position where you can test this, I=
=20
am looking forward to getting your feedback!

Updates will be posted to the freebsd-pf mailing list.  Thanks.

=2D-=20
/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News

--nextPart6834756.50gp7hMCWt
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQBCZZBpXyyEoT62BG0RAnc7AJ9CvaKAtiBHBILKcSOPdIwHqP1fcQCfRVgj
l0xORdFxxCmtMQaMyPno8X8=
=cqUW
-----END PGP SIGNATURE-----

--nextPart6834756.50gp7hMCWt--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200504200112.41260.max>