Re: pf(4) status in 7.0-R

From: Hugo Silva <hugo_at_barafranca.com>
Date: Fri, 01 Jun 2007 15:10:16 +0100
LI Xin wrote:
> Stanislaw Halik wrote:
>   
>> Heya,
>>
>> Are there any plans to sync pf(4) before 7.0-R? OpenBSD has some neat
>> stuff in it, including expiretable functionality, which would come in
>> handy.
>>     
>
> Last time I have talked with Max (Cc'ed) about the issue, we finally
> figured out that porting the whole stuff would need some infrastructural
> changes to our routing code, which could be risky so we wanted to avoid
> it at this stage (about 15 days before RELENG_7 code freeze).  On the
> other hand, some functionality (like the expiretable feature) does not
> seem to touch a large part of kernel and might be appropriate
> RELENG_7(_0) candidate.
>
> Could you please enumerate some features that FreeBSD is currently lack
> of and are considered "high priority" so we will be able to evaluate
> whether to port?
>
> BTW.  Patches are always welcome, as usual :-)  So don't hesitate to
> submit if you already did some work.
>
> Cheers,
>   
http://undeadly.org/cgi?action=article&sid=20070424020008


pflog(4) is clonable
After creating additional pflog interfaces (using ifconfig), rules can 
specify which pflog interface to use: "pass out log to pflog1 on $ext_if 
to port smtp". This will log traffic sent to SMTP servers to a different 
log interface than the default. pflogd(8) and spamlogd(8) (spamlogd -l 
pflog1) can now be told which pflog interface to work with.

is the most interesting for my usual workloads :)

Best regards,

Hugo
Received on Fri Jun 01 2007 - 12:09:46 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:11 UTC