PF on dragonflybsd
Matthew Dillon
dillon at apollo.backplane.com
Sat Aug 15 08:47:36 PDT 2009
The biggest difference, apart from our PF being fairly old, is that
keep state is not the default. But we have a directive to set the
default (I think OpenBSD doesn't).
So in a DragonFly pf.conf you would say (near the top):
set keep-policy keep state (pickups)
And then keep state would be the default. pickups is a DragonFly
directive which I don't know if OpenBSD picked up or not (heh).
It fixes the problem of rebooting the router box running PF causing
all TCP connections going through the router to drop. Without it
keep state on the TCP connections will throw existing connections
away because it doesn't see the SYNs or know the TCP window size.
DragonFly's PF also has a fair-share scheduler (which I wrote).
-Matt
More information about the Users
mailing list