www/35.html - diff

Return to 35.html CVS log

Up to [local] / www

Diff for /www/35.html between version 1.4 and 1.5

-version 1.4, 2004/03/24 05:29:58
+version 1.5, 2004/03/24 06:03:42
 Line 84
 Line 84
 Line 84
  commands with BSD licensed equivalents.
  <p>
+ <li>A large number of bug fixes, changes, and optimizations to our packet filter
+     <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf">pf(4)</a>
+     including:
+ <ul>
+ <li>atomic commits of ruleset changes (reduce the chance of ending up in an
+     inconsistent state)
+ <li>a 30 percent reduction in the size of state table entries
+ <li>source-tracking (limit number of clients and states per client)
+ <li>sticky-address (the flexibility of round-robin with the benefits of
+     source-hash)
+ <li>invert the specific/general socket match order when redirecting to
+     localhost (Prevents the potential security problem of remote connections
+     being identified as local)
+ <li>Significant improvements to interface handling.
+ </ul>
+ <p>
+ <li>New tools for high availability and load balancing:
+ <ul>
+ <li>CARP (the Common Address Redundancy Protocol)
+     <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=carp">carp(4)</a>
+     allows multiple machines to share responsibility for a given IP address or
+     addresses. If the owner of the address fails, another member of the group
+     will take over for it. A discussion of the history of CARP can be found
+     <a href="http://www.openbsd.org/lyrics.html">here</a>.
+ <li>Additions to the
+     <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfsync">pfsync(4)</a>
+     interface allow it to synchronise state table entries between two or more
+     firewalls which are operating in parallel, allowing stateful connections
+     to cross any of the firewalls regardless of where the state was initially
+     created.
+ </ul>
+ <p>
  <li>Many improvements for security and reliability (look for the red
  print in the <a href="plus.html">complete changelog</a>).
  <p>