head	1.1;
branch	1.1.1;
access;
symbols;
locks; strict;
comment	@# @;


1.1
date	2012.03.23.21.20.01;	author christos;	state Exp;
branches
	1.1.1.1;
next	;

1.1.1.1
date	2012.03.23.21.20.01;	author christos;	state Exp;
branches
	1.1.1.1.2.1;
next	;

1.1.1.1.2.1
date	2012.03.23.21.20.01;	author yamt;	state dead;
branches;
next	1.1.1.1.2.2;

1.1.1.1.2.2
date	2012.04.17.00.03.11;	author yamt;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Initial revision
@
text
@What's new in 5.1
=================

General
-------
* all of the tunables can now be set at any time, not just whilst disabled
  or prior to loading rules;

* group identifiers may now be a number or name (universal);

* man pages rewritten;

* tunables can now be set via ipf.conf;

Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
  information from log entries from the kernel;

NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;

* FTP proxy can be configured to limit data connections to one or many
  connections per client;

* NAT on IPv6 is now supported;

* rewrite command allows changing both the source and destination address
  in a single NAT rule;

* simple encapsulation can now be configured with ipnat.conf;

* TFTP proxy now included;

Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
  the use of filtering rules;

* alternative form for writing rules using simple filtering expressions;

* CIPSO headers now recognised and analysed for filtering on DOI;

* comments can now be a part of a rule and loaded into the kernel and
  thus displayed with ipfstat;

* decapsulation rules allow filtering on inner headers, provided they
  are not encrypted;

* interface names, aside from the one the packet is on, can be present in
  filter rules;

* internally there is now a single list of filter rules; there are no
  longer separate IPv4 and IPv6 lists;

* rules can now be added with an expiration time, allowing for their
  automatic removal after some period of time;

* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;

* stateful filtering now allows for limits to be placed on the number of
  distinct hosts allowed per rule;

Pools
-----
* addresses added to a pool via the command line (only!) can be given
  an expiration timeout;

* destination lists are a new type of address pool, primarily for use with
  NAT rdr rules, supporting newer algorithms for target selection;

* raw whois information saved to a file can be used to populate a pool;

Solaris
-------
* use in zones with exclusive IP instances is now fully supported.

Tools
-----
* use of matching expressions allows for refining what is displayed or
  flushed;

@


1.1.1.1
log
@import 5.1.1
@
text
@@


1.1.1.1.2.1
log
@file WhatsNew50.txt was added on branch yamt-pagecache on 2012-04-17 00:03:11 +0000
@
text
@d1 83
@


1.1.1.1.2.2
log
@sync with head
@
text
@a0 83
What's new in 5.1
=================

General
-------
* all of the tunables can now be set at any time, not just whilst disabled
  or prior to loading rules;

* group identifiers may now be a number or name (universal);

* man pages rewritten;

* tunables can now be set via ipf.conf;

Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
  information from log entries from the kernel;

NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;

* FTP proxy can be configured to limit data connections to one or many
  connections per client;

* NAT on IPv6 is now supported;

* rewrite command allows changing both the source and destination address
  in a single NAT rule;

* simple encapsulation can now be configured with ipnat.conf;

* TFTP proxy now included;

Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
  the use of filtering rules;

* alternative form for writing rules using simple filtering expressions;

* CIPSO headers now recognised and analysed for filtering on DOI;

* comments can now be a part of a rule and loaded into the kernel and
  thus displayed with ipfstat;

* decapsulation rules allow filtering on inner headers, provided they
  are not encrypted;

* interface names, aside from the one the packet is on, can be present in
  filter rules;

* internally there is now a single list of filter rules; there are no
  longer separate IPv4 and IPv6 lists;

* rules can now be added with an expiration time, allowing for their
  automatic removal after some period of time;

* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;

* stateful filtering now allows for limits to be placed on the number of
  distinct hosts allowed per rule;

Pools
-----
* addresses added to a pool via the command line (only!) can be given
  an expiration timeout;

* destination lists are a new type of address pool, primarily for use with
  NAT rdr rules, supporting newer algorithms for target selection;

* raw whois information saved to a file can be used to populate a pool;

Solaris
-------
* use in zones with exclusive IP instances is now fully supported.

Tools
-----
* use of matching expressions allows for refining what is displayed or
  flushed;

@