DragonFly users List (threaded) for 2009-08
DragonFly BSD
DragonFly users List (threaded) for 2009-08
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: PF on dragonflybsd


From: Matthew Dillon <dillon@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 15 Aug 2009 08:44:55 -0700 (PDT)

   The biggest difference, apart from our PF being fairly old, is that
   keep state is not the default.  But we have a directive to set the
   default (I think OpenBSD doesn't).

   So in a DragonFly pf.conf you would say (near the top):

       set keep-policy keep state (pickups)

   And then keep state would be the default.  pickups is a DragonFly
   directive which I don't know if OpenBSD picked up or not (heh).
   It fixes the problem of rebooting the router box running PF causing
   all TCP connections going through the router to drop.  Without it
   keep state on the TCP connections will throw existing connections
   away because it doesn't see the SYNs or know the TCP window size.

   DragonFly's PF also has a fair-share scheduler (which I wrote).

					-Matt




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]