PF, The OpenBSD Packet Filter: Building The Network You Need: BSDCan, Ottawa, June 10th 2015 | ||
---|---|---|
Prev | Next |
OpenBSD 4.8 and 4.9 had few user visible changes to PF (but the logging system was cleaned up), bug fixes, IPv6 related fixes, including fragment handling
The Next Big Thing: New traffic shaping subsystem (aka the beginning of the end for ALTQ), at first prio keyword for per rule priority (5.0)
The proxies (ftp-proxy, tftp-proxy) changed to divert(4), use divert-to in rules (5.0)
In OpenBSD 5.1 we saw NAT64 implemented with af-to, plus misc IPv6 sanity injections
OpenBSD 5.2: Set-able prio and tos, improved TOS handling, least-states translation option for load balancing added, limit on number of pflog(8) interfaces removed (was 16), pfsync(8) improvements
OpenBSD 5.3: (Incremental) syntax change: queue assignment (still ALTQ) becomes a set operation, misc bug fixes and speed improvements
OpenBSD 5.4: Few user-visible changes, mainly performance improvements under the hood (checksums handling etc)