pf(4) status in 7.0-R
Hugo Silva
hugo at barafranca.com
Fri Jun 1 14:09:47 UTC 2007
LI Xin wrote:
> Stanislaw Halik wrote:
>
>> Heya,
>>
>> Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
>> stuff in it, including expiretable functionality, which would come in
>> handy.
>>
>
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some infrastructural
> changes to our routing code, which could be risky so we wanted to avoid
> it at this stage (about 15 days before RELENG_7 code freeze). On the
> other hand, some functionality (like the expiretable feature) does not
> seem to touch a large part of kernel and might be appropriate
> RELENG_7(_0) candidate.
>
> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?
>
> BTW. Patches are always welcome, as usual :-) So don't hesitate to
> submit if you already did some work.
>
> Cheers,
>
http://undeadly.org/cgi?action=article&sid=20070424020008
pflog(4) is clonable
After creating additional pflog interfaces (using ifconfig), rules can
specify which pflog interface to use: "pass out log to pflog1 on $ext_if
to port smtp". This will log traffic sent to SMTP servers to a different
log interface than the default. pflogd(8) and spamlogd(8) (spamlogd -l
pflog1) can now be told which pflog interface to work with.
is the most interesting for my usual workloads :)
Best regards,
Hugo
More information about the freebsd-current
mailing list