IP Filter 3.2 - Release
Finally, IP Filter 3.2 has reached a point where it can be turned loose
upon the world with some degree of safety. New to version 3.2 are the
* ported to IRIX 5,3 & 6.2 - it has been successfully compiled into
the kernel for both of these, but only tested on 6.2 (uniprocessor).
It should also work on 6.3, but not 6.4 or above.
* Solaris 2 support extended to 2.3 - 2.6, inclusive.
* patches for OpenBSD 2.1 integration.
* limited in-kernel FTP proxy, for use with or without NAT.
* Rule groups introduced, allowing rules to be structure in a
heirarchical manner, rather than a single elongated list.
* `dynamic NAT' available, where an interface name is given, and a
0 IP address, and the current interface address is used for all
* rules can instruct the filter to skip other rules, if there's a
* packet authentication by user programs supported.
* pre-authentication table for setting up temporary permission
for packets to go through.
* matching on host/network targets can be inverted, allowing a
negative match rather than just positive.
* tunable variables available via sysctl on FreeBSD-2.2.
* logging of table entries setup & removed for NAT and state
to separate log devices, to allow for better accounting of
* 64 bit counters used for accounting (where available).
* ipsend v2.1 included.
* many other minor changes and bug fixes (including documentation :)
The somewhat primitive looking web pages can be found at:
and the package can be ftp'd from:
p.s. FYI, BSD/OS 3 will be supported in 3.2.1.