OpenBSD Journal

Packet Filter State Synchronisation daemon

Contributed by jose on from the cool-tools-with-PF dept.

jsyn writes:
"This was sent to the PF mailing list:

Date: Thu, 17 Apr 2003 03:19:23 +0200
From: Julien Bordet
To: pf@benzedrine.cx

Hi

I am pleased to announce the first version of the Packet Filter State
Synchronisation Daemon, called pfsyncd.

It can be found at:

http://www.greyhats.org/openbsd/

Beware: this is an alpha release!
More information is available on the web page.

Enjoy!"
Thanks, jsyn, I had heard some people talking about this but hadn't yet had time to check it out. This looks like pfsync is headed towards real use.



Comments
  1. By Anonymous Coward () on

    So, uh, what's this used for?

    Comments
    1. By Mike L () on

      See this post for a slightly more detailed description of the context.

      I agree, very cool!

      Comments
      1. By Anonymous Coward () on

        This will let us create multi participant redundant firewalls.

        Whoa. That's wicked cool. I don't have a use for such a thing, but it's still darn savvy.

        Comments
        1. By Anonymous Coward () on

          yeehaw!

    2. By cl () on

      So does this just keep the fw's (state and rules) in sync or does it do virtual ip's as well? Am I missing something or.... what good is it to have sync'd fw's if they don't appear to be the same "host", like VRRP?

      This is very cool anyway. :)

      cl

      Comments
      1. By Anonymous Coward () on

        It's funny, I've built a redundant firewall setup for my company. I chose Linux/iptables because of the stable VRRP implementation of keepalived, but this has the disadvantage that with iptables you can't share state. Now you can share state on OBSD, but I know of no good VRRP implementation for it!
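        The question above (whether synchronised state is of any use without a shared virtual address) is exactly what later OpenBSD releases answered with CARP, the in-kernel pfsync(4) interface and the pf `no-sync` state option. The fragment below is an added illustration of that pairing, not part of this thread and not the pfsyncd project's code; the interface names em0/em1, the 10.0.0.0/24 addresses, vhid 1 and the password are placeholders.

```conf
# /etc/hostname.carp0 on the master firewall (constructed example; em0,
# the 10.0.0.0/24 addresses, vhid 1 and the password are placeholders).
# Both firewalls answer for 10.0.0.1; clients never see the real addresses.
inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass CHANGE_ME advskew 0

# /etc/hostname.carp0 on the backup: same vhid and password, higher advskew
# so it only takes over when the master stops advertising.
# inet 10.0.0.1 255.255.255.0 10.0.0.255 vhid 1 pass CHANGE_ME advskew 100

# /etc/hostname.pfsync0 on both firewalls. em1 is a dedicated crossover link
# used only for state updates; pfsync traffic is unauthenticated, so it must
# never cross a shared segment.
up syncdev em1

# pf.conf fragment on both firewalls: let CARP advertisements and pfsync
# updates through, and keep those states out of the synchronised table.
pass quick on em1 proto pfsync keep state (no-sync)
pass on em0 proto carp keep state (no-sync)
```

        With this in place a failover moves the virtual address to the backup, which already holds a copy of every state entry, so established connections survive the switch without a reset.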

  2. By Anonymous Coward () on

    pf is on the way to becoming a good competitor to iptables/ipf

    and on openbsd!

    good job guys!

    Comments
    1. By Anonymous Coward () on

      What does ipf/iptables have that's as good or better?

      Comments
      1. By anonymous () on

        well. iptables has some really cute webmin-module :)

        Comments
        1. By Anonymous Coward () on

          Please, kill yourself.

          Comments
          1. By Anonymous Coward () on

            You must have a huge penis.

            Comments
            1. By Anonymous Coward () on

              Anonymous Coward's penis has a posse.

              7'4", 520 lb.

        2. By Anonymous Coward () on

          Doh! I forgot about that... Screw PF now... IPTables now officially 0wnz, but other than that, I don't know why it 0wnz, just that it does 'cause I say so!

          -Anonymous Coward-

      2. By Anonymous Coward () on

        maybe the ability to rate-limit connections, avoiding some DoS attacks (i.e. limiting to 10 TCP SYNs to port 80 per second)...
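        The per-source SYN rate limit mentioned in that comment is something pf gained in later releases through the `max-src-conn-rate` state option. The rule set below is an added example of that feature (not part of this 2003 thread and not from the pfsyncd project); `$ext_if` and the table name are placeholders.

```conf
# pf.conf fragment (constructed example; em0 and the table name are
# placeholders). Requires the max-src-conn-rate state option, which
# was added to pf after this thread was written.
ext_if = "em0"
table <syn_abusers> persist

# Anything already in the table is dropped before any other rule runs
block in quick on $ext_if from <syn_abusers>

# Allow new HTTP connections, but if one source completes more than 10
# handshakes per second, add it to the table and tear down all of its
# existing states on every interface (flush global).
pass in on $ext_if proto tcp to port 80 flags S/SA keep state \
    (max-src-conn-rate 10/1, overload <syn_abusers> flush global)
```

        Table entries added by `overload` stay until removed, so a periodic `pfctl -t syn_abusers -T expire 3600` (for example from cron) is the usual way to let a source back in after an hour.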

    2. By Nate (nate@my-balls.com) on

      I've thought pf better than iptables since 3.1, and that was prior to the nat/pf merger; this was mostly because of the much easier-to-read syntax.

      Comments
      1. By Anonymous Coward () on

        pf was better than anything on the planet 1 month into existence.

    3. By Anonymous Coward () on

      "pf is on the way to becoming a good competitor to iptables/ipf"

      wah? pf has no competition.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]