HEADSUP: Import of pf from OpenBSD 3.5

Max Laier max at love2party.net
Wed Jun 16 22:38:00 GMT 2004


I will be importing a new version of pf in the next hour. This is long due and 
really well-tested. However, the first step will bring in OPENBSD_3_5_BASE 
(i.e. the release version, not the STABLE branch). We will catch up on 
-STABLE soon thereafter. Just FYI, better wait a bit before you re-build 
world to get the new stuff.

The import will enable us to test ALTQ very easily and help in deploying 
driver changes.

The OpenBSD release notes say:
"+ A large number of bug fixes, changes, and optimizations to our packet 
   filter pf(4) including: 
   - Atomic commits of ruleset changes (reduce the chance of ending up in an 
     inconsistent state). 
   - A 30% reduction in the size of state table entries. 
   - Source-tracking (limit number of clients and states per client). 
   - Sticky-address (the flexibility of round-robin with the benefits of 
   - Invert the socket match order when redirecting to localhost (prevents the 
     potential security problem of remote connections being identified as 
   - Significant improvements to interface handling."

Best regards,				| mlaier at freebsd.org
Max Laier				| ICQ #67774661
http://pf4freebsd.love2party.net/	| mlaier at EFnet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040617/a337e881/attachment.bin

More information about the freebsd-current mailing list