--nextPart1773231.OGSZeGI1A9
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Here is a list of significant changes to pf that came in with the import=20
from OpenBSD 4.1 (taken from the OpenBSD release notes):
3.8
3.9
* ftp-proxy has been rewritten, and a tftp version, tftp-proxy, has been=20
added.
4.0
* pf(4) now supports Unicast Reverse Path Forwarding (uRPF) checks for=20
simplified ingress filtering.
4.1
* The pflog(4) interface is now clonable. pf(4) can log to multiple pflog=20
interfaces now, each rule can specify which pflog interface to log to.=20
pflogd(8) can now be told which pflog interface to work with.
* pfctl(8) can now expire table entries.
* keep state is now the default for pf.conf(5) rules, as is the flags S/SA=
=20
option on TCP connections. no state and flags any can be used to disable=
=20
stateful filtering or TCP flags checking.
* The pfctl(8) ruleset optimiser can be enabled in pf.conf(5).
* pf(4) anchors can now be loaded inline in the main pf.conf(5) and can be=
=20
printed recursively.
* Allow pf(4) rules inside anchors to have their counters reset, and make=20
counter read & reset an atomic operation.
I'm not sure if we have a good place to document this - thus I'm sending=20
it here. I'd be interested in better pf documentation. Maybe we can use=20
a wiki page? Any help greatly appreciated!
=2D-=20
=46reeBSD Status reports due: 07/07/07 :-)
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart1773231.OGSZeGI1A9
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.3 (FreeBSD)
iD8DBQBGil7MXyyEoT62BG0RAvGSAJ9U62R4UnEdEwffgNQcvfHOhafgSQCfTqkD
TSRf7P7ONoUX3vmKjr/6+IU=
=p1cX
-----END PGP SIGNATURE-----
--nextPart1773231.OGSZeGI1A9--
討論串 (同標題文章)