Date: Tue, 3 Jul 2007 16:35:50 +0200
From: Max Laier <max@love2party.net>
To: freebsd-doc@freebsd.org
Subject: List of pf changes
Message-ID: <200707031635.56471.max@love2party.net>

Here is a list of significant changes to pf that came in with the import
from OpenBSD 4.1 (taken from the OpenBSD release notes):

3.8

3.9
 * ftp-proxy has been rewritten, and a tftp version, tftp-proxy, has been
   added.

4.0
 * pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for
   simplified ingress filtering.

4.1
 * The pflog(4) interface is now clonable. pf(4) can log to multiple pflog
   interfaces now, each rule can specify which pflog interface to log to.
   pflogd(8) can now be told which pflog interface to work with.
 * pfctl(8) can now expire table entries.
 * keep state is now the default for pf.conf(5) rules, as is the flags S/SA
   option on TCP connections. no state and flags any can be used to disable
   stateful filtering or TCP flags checking.
 * The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
 * pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be
   printed recursively.
 * Allow pf(4) rules inside anchors to have their counters reset, and make
   counter read & reset an atomic operation.

I'm not sure if we have a good place to document this - thus I'm sending it
here. I'd be interested in better pf documentation. Maybe we can use a wiki
page? Any help greatly appreciated!

-- 
FreeBSD Status reports due: 07/07/07 :-)

/"\  Best regards,                      | mlaier@freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier@EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
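
The changes listed in the message above, shown as an added pf.conf fragment that is not part of the original e-mail or of the FreeBSD or OpenBSD sources. The interface em0, the pflog1 interface and its log file path, the table and anchor names, and the ports are assumptions chosen for illustration.

```conf
# Constructed pf.conf fragment; em0, pflog1, <bruteforce> and "mgmt" are assumed names.
ext_if = "em0"
table <bruteforce> persist

# 4.1: the pfctl ruleset optimiser can be switched on from pf.conf.
set ruleset-optimization basic

# 4.0: uRPF check for ingress filtering. 4.1: a rule can pick its pflog interface.
# Assumes pflog1 was created with "ifconfig pflog1 create" and that a second
# logger was started with "pflogd -i pflog1 -f /var/log/pflog1".
block in log (to pflog1) quick on $ext_if from urpf-failed to any
block in quick on $ext_if from <bruteforce> to any
block log all

# 4.1 defaults: a bare pass rule is now stateful and, for TCP, matches only the
# initial SYN. This rule is read as
#   pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state
pass in on $ext_if proto tcp from any to any port 22

# The old stateless behaviour has to be requested explicitly, and the return
# traffic then needs a rule of its own because no state entry is created.
pass in  on $ext_if proto tcp from any to any port 80 flags any no state
pass out on $ext_if proto tcp from any port 80 to any flags any no state

# 4.1: anchors can be loaded inline; "pfctl -a '*' -sr" prints them recursively.
anchor "mgmt" in on $ext_if {
    pass proto tcp from any to any port 443
}

# 4.1: table entries can be expired from the command line, e.g. entries whose
# statistics were last cleared more than a day ago:
#   pfctl -t bruteforce -T expire 86400
```

Rulesets written for the older pf are worth re-reading with these defaults in mind: bare pass rules now create state and match only the initial SYN, so separately written return-traffic rules may have become redundant.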
