Pf Improvements
Links:
D40911 URL: https://reviews.freebsd.org/D40911
D40861 URL: https://reviews.freebsd.org/D40861
D40862 URL: https://reviews.freebsd.org/D40862
D40863 URL: https://reviews.freebsd.org/D40863
D40864 URL: https://reviews.freebsd.org/D40864
D40865 URL: https://reviews.freebsd.org/D40865
D40866 URL: https://reviews.freebsd.org/D40866
D40867 URL: https://reviews.freebsd.org/D40867
D40868 URL: https://reviews.freebsd.org/D40868
D40869 URL: https://reviews.freebsd.org/D40869
D40870 URL: https://reviews.freebsd.org/D40870
Contact: Kajetan Staszkiewicz <vegeta@tuxpowered.net>
Contact: Naman Sood <naman@freebsdfoundation.org>
Contact: Kristof Provost <kp@FreeBSD.org>
pf(4) is one of the firewalls included in FreeBSD, and is probably the most popular. pf was created by the OpenBSD project and subsequently ported to FreeBSD.
Backport OpenBSD Syntax
Kajetan introduced the OpenBSD syntax of "scrub" operations in "match" and "pass" rules. Existing rules remain supported, and OpenBSD-style "scrub" configuration is now accepted as well.
pfsync Protocol Versioning
The pfsync(4) protocol version can now be configured, allowing for protocol changes while still supporting state synchronisation between disparate kernel versions. The primary benefit is to allow protocol changes enabling new functionality.
pfsync: Transport over IPv6
pfsync traffic can now be carried over IPv6 as well. Naman finished the work started by Luiz Amaral.
SCTP
There is work in progress to support SCTP in pf. That support includes filtering on port numbers, state tracking, pfsync failover and returning ABORT chunks for rejected connections.
Sponsor: InnoGames GmbH
Sponsor: Orange Business Services
Sponsor: The FreeBSD Foundation
Last modified on: July 28, 2023 by Graham Perrin