HEADSUP: pf import [done]
Max Laier
max at love2party.net
Tue May 3 10:54:29 PDT 2005
All,
the import went through smoothly and you should be able to get it from a
cvs(up) server near you by now. Some general, random notes:
1) Anchor syntax changed
| Users of authpf(8) must change their anchor rule in the main ruleset from
| anchor authpf
| to
| anchor "authpf/*"
2) pfsync takes syncdev instead of syncif: When configuring the pfsync device,
use 'syncdev' instead of the deprecated keyword 'syncif'.
3) authpf(8) needs a mounted fdescfs(5)
4) synproxy no longer works on outgoing rules (it never should have)
5) The code has been tested, but there is always a chance that some bugs
remain unfound. If you spot anything, please let me know.
Features that are in OpenBSD, but not yet in FreeBSD:
- Filtering on route labels (we don't have any).
- Return-rst on IP-less bridges (bridge support is still behind; there is
work ongoing to improve this as well, though).
- Congestion prevention/graceful comeback (subject to future work).
New features (from the OpenBSD release announcements):
+ pfctl(8) now provides a rules optimizer to help improve filtering speed.
+ pf now supports nested anchors.
+ Support limiting TCP connections by establishment rate, automatically
adding flooding IP addresses to tables and flushing states
(max-src-conn-rate, overload <table>, flush global).
+ Improved functionality of tags (tag and tagged for translation rules,
tagging of all packets matching state entries).
+ Improved diagnostics (error messages and additional counters from
pfctl -si).
+ New keyword set skip on to skip filtering on arbitrary interfaces, like
loopback.
+ Several bugfixes improving stability.
--
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
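
A heuristic pre-upgrade check for notes 1, 2 and 4 in the message above, added here as an example; it is not part of the original message or of the FreeBSD tree. The function name `lint_pf_upgrade`, the finding labels and the sample text are constructed for illustration, and matching the nat-/rdr-/binat-anchor forms goes beyond the single `anchor` rule the note mentions (an assumption).

```shell
#!/bin/sh
# Added example: flags configuration lines affected by the breaking changes.
# Reads ruleset / startup-script text on stdin, prints "<line>:<finding>".
# Heuristic only: macros and line continuations are not expanded.
lint_pf_upgrade() {
    awk '
    { l = $0; sub(/#.*/, "", l) }          # ignore comments
    # Note 1: bare authpf anchor (translation anchors are an assumption)
    l ~ /^[ \t]*((nat|rdr|binat)-)?anchor[ \t]+"?authpf"?[ \t]*$/ {
        print NR ":old-authpf-anchor"
    }
    # Note 2: deprecated pfsync keyword, matched as a whole word
    (" " l " ") ~ /[ \t]syncif[ \t]/ { print NR ":deprecated-syncif" }
    # Note 4: synproxy on an outgoing pass rule
    l ~ /^[ \t]*pass[ \t]+out[ \t]/ && l ~ /synproxy[ \t]+state/ {
        print NR ":synproxy-on-outgoing"
    }
    '
}

# Constructed samples: pf.conf lines plus one pfsync ifconfig line,
# concatenated for the demo (not taken from the original message).
OLD_STYLE='ext_if = "em0"
anchor authpf
pass in on $ext_if proto tcp to port 22 synproxy state
pass out on $ext_if proto tcp to port 80 synproxy state
ifconfig pfsync0 syncif em1 up'

NEW_STYLE='ext_if = "em0"
anchor "authpf/*"
pass in on $ext_if proto tcp to port 22 synproxy state
pass out on $ext_if proto tcp to port 80 keep state
ifconfig pfsync0 syncdev em1 up'

printf '%s\n' "$OLD_STYLE" | lint_pf_upgrade
```

An empty result means none of the three patterns were found; it does not replace parsing the ruleset with `pfctl -nf` on the upgraded system.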