Am 27.08.21 um 21:00 schrieb Antonio Quartulli: > OpenVPN shipped a small packet filtering tool called PF. It has never > been straightforward as it required a plugin to work. On top of that, > keeping PF support, makes the code more complicated and increases the > maintenance cost of OpenVPN. > > PF itself is not actually maintained at all and there is little > motivation in keeping it alive. > > Some years ago an IPv6 extension for PF was proposed, but it was never > picked up for the reasons above. > > External (and more appropriate) tools can still be used to implement > packet filtering on the OpenVPN interface. > > Drop PF support for good. > > Note that IDs used for external communication (i.e. to the plugin > or management interface) have been commented out, but not removed, as > they should not be used in the future. > > v2: > * changed // to /* */
Aside from the comment formatting being incomplete, f. i. //#define MF_CLIENT_PF still has "//" - why the hassle? Do we need to maintain C89 compatibility these days? _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
