List of pf changes

Max Laier max at love2party.net
Tue Jul 3 14:47:03 UTC 2007


Here is a list of significant changes to pf that came in with the import 
from OpenBSD 4.1 (taken from the OpenBSD release notes):

3.8

3.9
* ftp-proxy has been rewritten, and a tftp version, tftp-proxy, has been 
  added.

4.0
* pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for 
  simplified ingress filtering.

4.1
* The pflog(4) interface is now clonable. pf(4) can log to multiple pflog 
  interfaces now, each rule can specify which pflog interface to log to. 
  pflogd(8) can now be told which pflog interface to work with.

* pfctl(8) can now expire table entries.

* keep state is now the default for pf.conf(5) rules, as is the flags S/SA 
  option on TCP connections. no state and flags any can be used to disable 
  stateful filtering or TCP flags checking.

* The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).

* pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be 
  printed recursively.

* Allow pf(4) rules inside anchors to have their counters reset, and make 
  counter read & reset an atomic operation.

I'm not sure if we have a good place to document this - thus I'm sending 
it here.  I'd be interested in better pf documentation.  Maybe we can use 
a wiki page?  Any help greatly appreciated!

-- 
FreeBSD Status reports due: 07/07/07 :-)

/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
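
A pf.conf sketch that exercises the changes listed above, added here as an illustration; it is not part of the original message or of the OpenBSD release notes. The interface name, table name, anchor name, ports and log file path are constructed for the example.

```conf
# pf.conf sketch for pf as imported from OpenBSD 4.1 (constructed example).
ext_if = "em0"                      # assumed external interface
table <abusers> persist             # assumed table name

# 4.1: the ruleset optimiser can be enabled from pf.conf
set ruleset-optimization basic

# 4.0: uRPF check for simplified ingress filtering
block in quick from urpf-failed

block in quick from <abusers>
block log all

# 4.1: this rule logs to pflog1 instead of the default pflog0
pass in log (to pflog1) on $ext_if proto tcp to port 22

# 4.1: "flags S/SA keep state" is now implied on this rule.
# A ruleset written for the older pf that relied on a bare "pass"
# being stateless changes behaviour after the import.
pass out on $ext_if proto tcp to port 443

# 4.1: explicit opt-out of state tracking and TCP flags checking.
# Without state, the reply direction needs its own rule.
pass in  on $ext_if proto tcp to   port 80 flags any no state
pass out on $ext_if proto tcp from port 80 flags any no state

# 4.1: anchor loaded inline in the main pf.conf
anchor "mail" on $ext_if {
    pass in proto tcp to port 25
}

# Matching commands, run as root:
#   ifconfig pflog1 create                  # pflog(4) is clonable
#   pflogd -i pflog1 -f /var/log/pflog1     # pflogd(8) bound to pflog1
#   pfctl -t abusers -T expire 86400        # expire table entries (seconds)
#   pfctl -a '*' -sr                        # print anchors recursively
```

Loading this with `pfctl -nf` parses the file without installing it, which is a quick way to confirm that an existing ruleset still says what was intended once the new defaults apply.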