Max Laier ma bejelentette, hogy az érdeklődők nekiállhatnak tesztelni a PF régóta várt új verzióját. Az anyag a majdan megjelenő OpenBSD 3.7-ben levő pf szintjén van és annak majdnem az összes funkcióját tudja. Újdonságok: + pfctl(8) now provides a rules optimizer to help improve filtering speed.
+ pf, now supports nested anchors.
+ Support limiting TCP connections by establishment rate, automatically
adding flooding IP addresses to tables and flushing states
(max-src-conn-rate, overload , flush global).
+ Improved functionality of tags (tag and tagged for translation rules,
tagging of all packets matching state entries).
+ Improved diagnostics (error messages and additional counters from
pfctl -si).
+ New keyword set skip on to skip filtering on arbitrary interfaces, like
loopback.
+ Several bugfixes improving stability.
Ami hiányzik:
- Filtering on route labels (we don't have any).
- Return-rst on IP-less bridges (bridge support is still behind; There is
work ongoing to improve this as well, though.).
- Congestion prevention/graceful comeback (subject to future work)
Bejelentés itt.