=== Pf Improvements Links: + link:https://reviews.freebsd.org/D40911[D40911] URL: link:https://reviews.freebsd.org/D40911[] + link:https://reviews.freebsd.org/D40861[D40861] URL: link:https://reviews.freebsd.org/D40861[] + link:https://reviews.freebsd.org/D40862[D40862] URL: link:https://reviews.freebsd.org/D40862[] + link:https://reviews.freebsd.org/D40863[D40863] URL: link:https://reviews.freebsd.org/D40863[] + link:https://reviews.freebsd.org/D40864[D40864] URL: link:https://reviews.freebsd.org/D40864[] + link:https://reviews.freebsd.org/D40865[D40865] URL: link:https://reviews.freebsd.org/D40865[] + link:https://reviews.freebsd.org/D40866[D40866] URL: link:https://reviews.freebsd.org/D40866[] + link:https://reviews.freebsd.org/D40867[D40867] URL: link:https://reviews.freebsd.org/D40867[] + link:https://reviews.freebsd.org/D40868[D40868] URL: link:https://reviews.freebsd.org/D40868[] + link:https://reviews.freebsd.org/D40869[D40869] URL: link:https://reviews.freebsd.org/D40869[] + link:https://reviews.freebsd.org/D40870[D40870] URL: link:https://reviews.freebsd.org/D40870[] Contact: Kajetan Staszkiewicz + Contact: Naman Sood + Contact: Kristof Provost man:pf[4] is one of the firewalls included in FreeBSD, and is probably the most popular. pf was created by the OpenBSD project and subsequently ported to FreeBSD. ==== Backport OpenBSD Syntax Kajetan introduced the OpenBSD syntax of "scrub" operations in "match" and "pass" rules. Existing rules remain supported, but now OpenBSD style "scrub" configuration is also supported. ==== pfsync Protocol Versioning The man:pfsync[4] protocol version can now be configured, allowing for protocol changes while still supporting state synchronisation between disparate kernel versions. The primary benefit is to allow protocol changes enabling new functionality. ==== pfsync: Transport over IPv6 pfsync traffic can now be carried over IPv6 as well. Naman finished the work started by Luiz Amaral. ==== SCTP There is work in progress to support SCTP in pf. That support includes filtering on port numbers, state tracking, pfsync failover and returning ABORT chunks for rejected connections. Sponsor: InnoGames GmbH + Sponsor: Orange Business Services + Sponsor: The FreeBSD Foundation