[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src

To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: CVS: cvs.openbsd.org: src
From: Ryan Thomas McBride <mcbride_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Date: Fri, 6 Oct 2006 04:45:44 -0600 (MDT)

CVSROOT:	/cvs
Module name:	src
Changes by:	mcbride_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2006/10/06 04:45:44

Modified files:
	sbin/pfctl     : parse.y 

Log message:
Make 'flags S/SA keep state' the implicit for filter rules, based on
a suggestion from dhartmei_(_at_)__(_dot_)_ Also add 'flags any' and 'no state' options
to disable flag matching and stateful filtering respectively.

IMPORTANT NOTE:
Current rulesets will continue to load, but the behaviour may be slightly
changed as these defaults are more restrictive. If you are purposefully
filtering statelessly ('no state') or have a requirement to create states
on intermediate packets ('flags any') you should update your ruleset to
make use of the new keywords to explicitly request the behaviour.

Note that creation of states from intermediate packets in a connection is
not recommended, and will increasingly cause problems as more OSs enable
window scaling and increase buffer sizes by default.

ok dhartmei@ deraadt@ henning@

Prev by Date: CVS: cvs.openbsd.org: src
Next by Date: CVS: cvs.openbsd.org: src
Previous by thread: CVS: cvs.openbsd.org: src
Next by thread: CVS: cvs.openbsd.org: src
Index(es):
- Date
- Thread

Visit your host, monkey.org