keep yer pants on! :-)
pf is indeed in the OpenBSD tree now, with support for IPF-compatible
rulesets, NAT, logging of blocked packets to a fake interface
(/dev/pflog) that is tcpdump'able (with support in tcpdump to print
which rule the packet matched against), IPF-compatible TCP state
tracking from Guido van Rooij's SANE 2000 paper, and much more to come
(TCP ISN fixups à la PIX, transparent proxies, scrubbing, etc.).
the code is also quite readable, which makes for easier auditing.
we invite any interested parties to work with us on the new code.
-d.
---
http://www.monkey.org/~dugsong/
_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls