Re: New PF (OpenBSD 3.7 ***ALPHA-preview***)
From: Hideki Yamamoto (yamamoto436_at_oki.com)
Date: 05/14/05
- Previous message: Hideki Yamamoto: "Re: Several IPv6 tunnels possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 15 May 2005 02:02:47 +0900 (JST) To: max@love2party.net
Dear Mr. Max;
Thank you for your efforts!!
I am expecting full bridge function on FreeBSD 5 as OpenBSD 3.5 or
later. Last year, I have tested FreeBSD, NetBSD, and OpenBSD to
bridge IPv6 packet over IPv4 tunnel with bridge.
Though only OpenBSD supported the above function, it is not
stable. Kernel panic happens wheneve we type reboot command, or
booting process sometimes stop when chekecking USB devices.
I hope FreeBSD pf porting supports full function of bridge.
Thanks in advance.
From: Max Laier <max@love2party.net>
Subject: New PF (OpenBSD 3.7 ***ALPHA-preview***)
Date: Wed, 20 Apr 2005 01:12:30 +0200
Message-ID: <200504200112.41260.max@love2party.net>
> All,
>
> at:
> http://people.freebsd.org/~mlaier/pf37/
>
> you will find the first shot at the long awaited import of a new version of
> pf. This is level with what is likely to be shipped as OpenBSD 3.7 and
> includes *most* of the features. Some are not yet implemented:
>
> - Filtering on route labels (we don't have any).
> - Return-rst on IP-less bridges (bridge support is still behind; There is
> work ongoing to improve this as well, though.).
> - Congestion prevention/graceful comeback (subject to future work).
>
> There are, however, some hightlights that came with OpenBSD 3.6 and will be
> coming with OpenBSD 3.7 (from the OpenBSD release notes):
>
> + pfctl(8) now provides a rules optimizer to help improve filtering speed.
> + pf, now supports nested anchors.
> + Support limiting TCP connections by establishment rate, automatically
> adding flooding IP addresses to tables and flushing states
> (max-src-conn-rate, overload <table>, flush global).
> + Improved functionality of tags (tag and tagged for translation rules,
> tagging of all packets matching state entries).
> + Improved diagnostics (error messages and additional counters from
> pfctl -si).
> + New keyword set skip on to skip filtering on arbitrary interfaces, like
> loopback.
> + Several bugfixes improving stability.
>
> This import is in a very early stage and you should keep this in mind!
>
> However, it should build and boot just fine. I have done some basic tests to
> weed out the common problems seen during the last imports, but didn't do
> extensive testing yet. If you are in a position where you can test this, I
> am looking forward to getting your feedback!
>
> Updates will be posted to the freebsd-pf mailing list. Thanks.
>
> --
> /"\ Best regards, | mlaier@freebsd.org
> \ / Max Laier | ICQ #67774661
> X http://pf4freebsd.love2party.net/ | mlaier@EFnet
> / \ ASCII Ribbon Campaign | Against HTML Mail and News
-----------------------------------------------------------------
Hideki YAMAMOTO |
Broadband Media Solutions Department | E-mail: yamamoto436@oki.com
Broadband Media Company | Tel: +81-48-420-7012
Oki Electric Industry Co., Ltd. | FAX: +81-48-420-7016
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Hideki Yamamoto: "Re: Several IPv6 tunnels possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
