Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-doc
 Path: blob/main/website/content/en/status/report-2023-04-2023-06/pf.adoc
18096 views
=== Pf Improvements

Links: +
link:https://reviews.freebsd.org/D40911[D40911] URL: link:https://reviews.freebsd.org/D40911[] +
link:https://reviews.freebsd.org/D40861[D40861] URL: link:https://reviews.freebsd.org/D40861[] +
link:https://reviews.freebsd.org/D40862[D40862] URL: link:https://reviews.freebsd.org/D40862[] +
link:https://reviews.freebsd.org/D40863[D40863] URL: link:https://reviews.freebsd.org/D40863[] +
link:https://reviews.freebsd.org/D40864[D40864] URL: link:https://reviews.freebsd.org/D40864[] +
link:https://reviews.freebsd.org/D40865[D40865] URL: link:https://reviews.freebsd.org/D40865[] +
link:https://reviews.freebsd.org/D40866[D40866] URL: link:https://reviews.freebsd.org/D40866[] +
link:https://reviews.freebsd.org/D40867[D40867] URL: link:https://reviews.freebsd.org/D40867[] +
link:https://reviews.freebsd.org/D40868[D40868] URL: link:https://reviews.freebsd.org/D40868[] +
link:https://reviews.freebsd.org/D40869[D40869] URL: link:https://reviews.freebsd.org/D40869[] +
link:https://reviews.freebsd.org/D40870[D40870] URL: link:https://reviews.freebsd.org/D40870[]

Contact: Kajetan Staszkiewicz <[email protected]> +
Contact: Naman Sood <[email protected]> +
Contact: Kristof Provost <[email protected]>

man:pf[4] is one of the firewalls included in FreeBSD, and is probably the most popular.
pf was created by the OpenBSD project and subsequently ported to FreeBSD.

==== Backport OpenBSD Syntax

Kajetan introduced the OpenBSD syntax of "scrub" operations in "match" and "pass" rules.
Existing rules remain supported, but now OpenBSD style "scrub" configuration is also supported.

==== pfsync Protocol Versioning

The man:pfsync[4] protocol version can now be configured, allowing for protocol changes while still supporting state synchronisation between disparate kernel versions.
The primary benefit is to allow protocol changes enabling new functionality.

==== pfsync: Transport over IPv6

pfsync traffic can now be carried over IPv6 as well.
Naman finished the work started by Luiz Amaral.

==== SCTP

There is work in progress to support SCTP in pf.
That support includes filtering on port numbers, state tracking, pfsync failover and returning ABORT chunks for rejected connections.

Sponsor: InnoGames GmbH +
Sponsor: Orange Business Services +
Sponsor: The FreeBSD Foundation