PF Changes in 4.2
I remember reading some changes to the defaults for pf in how states are tracked in pf.conf rules (default is now keep state flags S/SA). For the life of me I can not find any official reference to it on the internet or in my mail. Can someone give me a pointer? The only reference I can find on the net (nothing from openbsd.org): http://home.nuug.no/~peter/pf/en/long-firewall.html#AEN415 Thanks, Axton Grams
Re: PF Changes in 4.2
On 05/11/2007, Axton [EMAIL PROTECTED] wrote: I remember reading some changes to the defaults for pf in how states are tracked in pf.conf rules (default is now keep state flags S/SA). For the life of me I can not find any official reference to it on the internet or in my mail. Can someone give me a pointer? The only reference I can find on the net (nothing from openbsd.org): http://home.nuug.no/~peter/pf/en/long-firewall.html#AEN415 http://www.openbsd.org/41.html keep state is now the default for pf.conf(5) rules, as is the flags S/SA option on TCP connections. no state and flags any can be used to disable stateful filtering or TCP flags checking. C.
Re: PF Changes in 4.2
Axton [EMAIL PROTECTED] writes: I remember reading some changes to the defaults for pf in how states are tracked in pf.conf rules (default is now keep state flags S/SA). For the life of me I can not find any official reference to it on the internet or in my mail. Can someone give me a pointer? If you go to http://www.openbsd.org/41.html and search for keep state (leave out the quoutes) you will find it there, ate least. The only reference I can find on the net (nothing from openbsd.org): http://home.nuug.no/~peter/pf/en/long-firewall.html#AEN415 There are other formats available (I much prefer the chunked html or pdf myself), and soon (decemberish, before xmas) nostarch.com will have an improved, inexpensive dead tree and/or pdf version available. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: PF Changes in 4.2
On 11/5/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote: snip There are other formats available (I much prefer the chunked html or pdf myself), and soon (decemberish, before xmas) nostarch.com will have an improved, inexpensive dead tree and/or pdf version available. Peter, I'm new to both OpenBSD and pf. I've read much on the two already and am very much looking forward to reading your book. By the way, having just now checked, I see that it's available for pre-order[0]! I shall put my order in ASAP. Todd [0] http://nostarch.com/pf.htm
