Contributed by jose on from the packet-security dept.
"We're back from c2k3 (the Hackathon 2003 in Calgary, Canada), pictures available here. Still somewhat jetlagged, so image comments will show up later. pf work done during the hackathon includes: packet tagging (add arbitrary tags to packets from filter rules and filter based on tags), SYN proxy (protects against spoofed SYN floods by doing a TCP handshake with the client first, then replaying it to the server), adaptive state timeouts (decrease timeouts when the state table grows full), TCP scrubbing and more."
Has anyone got a more thorough round up of changes?" Thanks for the info! You can see most of these new features in a -current build (or a snapshot) near you.
(Comments are closed)