WhatsNew50.txt - net/ipfilter - Rivoreo Source Code Repositories

 What's new in 5.1
 =================

 General
 -------
 * all of the tuneables can now be set at any time, not just whilst disabled
   or prior to loading rules;

 * group identifiers may now be a number or name (universal);

 * man pages rewritten

 * tunables can now be set via ipf.conf;

 Logging
 -------
 * ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
   information from log entries from the kernel;

 NAT changes
 -----------
 * DNS proxy for the kernel that can block queries based on domain names;

 * FTP proxy can be configured to limit data connections to one or many
   connections per client;

 * NAT on IPv6 is now supported;

 * rewrite command allows changing both the source and destination address
   in a single NAT rule;

 * simple encapsulation can now be configured with ipnat.conf,

 * TFTP proxy now included;

 Packet Filtering
 ----------------
 * acceptance of ICMP packets for "keep state" rules can be refined through
   the use of filtering rules;

 * alternative form for writing rules using simple filtering expressions;

 * CIPSO headers now recognised and analysed for filtering on DOI;

 * comments can now be a part of a rule and loaded into the kernel and
   thus displayed with ipfstat;

 * decapsulation rules allow filtering on inner headers, providing they
   are not encrypted;

 * interface names, aside from that the packet is on, can be present in
   filter rules;

 * internally now a single list of filter rules, there is no longer an
   IPv4 and IPv6 list;

 * rules can now be added with an expiration time, allowing for their
   automatic removal after some period of time;

 * single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;

 * stateful filtering now allows for limits to be placed on the number
   of distinct hosts allowed per rule;

 Pools
 -----
 * addresses added to a pool via the command line (only!) can be given
   an expiration timeout;

 * destination lists are a new type of address pool, primarily for use with
   NAT rdr rules, supporting newer algorithms for target selection;

 * raw whois information saved to a file can be used to populate a pool;

 Solaris
 -------
 * support for use in zones with exclusive IP instances fully supported.

 Tools
 -----
 * use of matching expressions allows for refining what is displayed or
   flushed;
	What's new in 5.1
	=================

	General
	-------
	* all of the tuneables can now be set at any time, not just whilst disabled
	or prior to loading rules;

	* group identifiers may now be a number or name (universal);

	* man pages rewritten

	* tunables can now be set via ipf.conf;

	Logging
	-------
	* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
	information from log entries from the kernel;

	NAT changes
	-----------
	* DNS proxy for the kernel that can block queries based on domain names;

	* FTP proxy can be configured to limit data connections to one or many
	connections per client;

	* NAT on IPv6 is now supported;

	* rewrite command allows changing both the source and destination address
	in a single NAT rule;

	* simple encapsulation can now be configured with ipnat.conf,

	* TFTP proxy now included;

	Packet Filtering
	----------------
	* acceptance of ICMP packets for "keep state" rules can be refined through
	the use of filtering rules;

	* alternative form for writing rules using simple filtering expressions;

	* CIPSO headers now recognised and analysed for filtering on DOI;

	* comments can now be a part of a rule and loaded into the kernel and
	thus displayed with ipfstat;

	* decapsulation rules allow filtering on inner headers, providing they
	are not encrypted;

	* interface names, aside from that the packet is on, can be present in
	filter rules;

	* internally now a single list of filter rules, there is no longer an
	IPv4 and IPv6 list;

	* rules can now be added with an expiration time, allowing for their
	automatic removal after some period of time;

	* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;

	* stateful filtering now allows for limits to be placed on the number
	of distinct hosts allowed per rule;

	Pools
	-----
	* addresses added to a pool via the command line (only!) can be given
	an expiration timeout;

	* destination lists are a new type of address pool, primarily for use with
	NAT rdr rules, supporting newer algorithms for target selection;

	* raw whois information saved to a file can be used to populate a pool;

	Solaris
	-------
	* support for use in zones with exclusive IP instances fully supported.

	Tools
	-----
	* use of matching expressions allows for refining what is displayed or
	flushed;