All,

at: http://people.freebsd.org/~mlaier/pf37/
you will find the first shot at the long-awaited import of a new version of pf. This is level with what is likely to be shipped as OpenBSD 3.7 and includes *most* of the features. Some are not yet implemented:

- Filtering on route labels (we don't have any).
- Return-rst on IP-less bridges (bridge support is still behind; there is work ongoing to improve this as well, though).
- Congestion prevention/graceful comeback (subject to future work).

There are, however, some highlights that came with OpenBSD 3.6 and will be coming with OpenBSD 3.7 (from the OpenBSD release notes):

+ pfctl(8) now provides a rules optimizer to help improve filtering speed.
+ pf now supports nested anchors.
+ Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload <table>, flush global).
+ Improved functionality of tags (tag and tagged for translation rules, tagging of all packets matching state entries).
+ Improved diagnostics (error messages and additional counters from pfctl -si).
+ New keyword set skip on to skip filtering on arbitrary interfaces, like loopback.
+ Several bugfixes improving stability.

This import is in a very early stage and you should keep this in mind! However, it should build and boot just fine. I have done some basic tests to weed out the common problems seen during the last imports, but didn't do extensive testing yet.

If you are in a position where you can test this, I am looking forward to getting your feedback! Updates will be posted to the freebsd-pf mailing list.

Thanks.

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
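
The connection-rate limiting and `set skip on` features listed in the message, shown together in a small pf.conf. This is an added example and not part of the original mail or the imported code; the interface name, the port, the 15/5 rate and the table name `<flooders>` are assumptions chosen for illustration.

```conf
# Constructed example ruleset; interface, port, rate and table name are assumptions.
ext_if = "em0"

# Table that pf fills automatically with sources exceeding the limit below.
table <flooders> persist

# Skip filtering on the loopback interface entirely.
set skip on lo0

# Default deny for inbound traffic on the external interface.
block in on $ext_if all

# Drop everything from an address that has already been added to the table.
block in quick on $ext_if from <flooders>

# Allow SSH, but at most 15 new connections per 5 seconds from one source.
# A source that exceeds the rate is added to <flooders>; "flush global"
# then removes all of its existing states, not only those created by this rule.
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state \
    (max-src-conn-rate 15/5, overload <flooders> flush global)

# Allow outbound traffic and track its state.
pass out on $ext_if all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -t flooders -T show` lists the addresses the overload action has collected.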