[HN Gopher] What every IT person needs to know about OpenBSD Par...
___________________________________________________________________

What every IT person needs to know about OpenBSD Part 3: That packet filter

Author : zdw
Score  : 54 points
Date   : 2021-11-20 18:40 UTC (4 hours ago)

(HTM) web link (blog.apnic.net)
(TXT) w3m dump (blog.apnic.net)

| john37386 wrote:
| I used pf + carp on OpenBSD in 2004. It was really awesome to
| fail over from 1 firewall to the other without losing tcp + udp
| states for all the servers and clients behind the cluster. pf is
| really powerful. pf on OpenBSD even more! Another nice feature
| is to tweak some tcp options per rule. Let's say you want to
| fast expire tcp port 443 connections to your cdn servers but
| still keep normal tcp timeouts for the rest. Nice article.

| user3939382 wrote:
| Be aware that OpenBSD can, will, and often has, made breaking
| changes to their packet filter/firewall rule syntax. Keep that in
| mind if you decide to rely on this for a firewall that's remote
| and not practical to access but requires patch maintenance
| without OOB access.

| [deleted]

___________________________________________________________________
(page generated 2021-11-20 23:00 UTC)
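
The caution in the thread about pf rule syntax changing under a remote firewall comes down to never letting an unparsed ruleset go live. A sketch of that check, added here as an example and not taken from the thread or the article: `pfctl -n` (parse only) and `-f` (load file) are real flags, while the function names, the `PFCTL` override and the `.prev` backup path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. PFCTL can be overridden, e.g. with
# "doas pfctl" or the pfctl of the release you plan to move to on a
# staging host (assumption: such a host exists).
PFCTL=${PFCTL:-pfctl}

# pf_check FILE: succeed only if pfctl can parse FILE.
# -n parses without loading, so the running ruleset is untouched.
pf_check() {
    $PFCTL -nf "$1" >/dev/null 2>&1
}

# pf_deploy CANDIDATE LIVE: install CANDIDATE as LIVE and load it.
# Returns 0 on success,
#         1 if CANDIDATE is rejected or cannot be copied (rules not reloaded),
#         2 if loading failed and the previous file was restored.
pf_deploy() {
    cand=$1
    live=$2
    if ! pf_check "$cand"; then
        echo "rejected: $cand does not parse with this pfctl" >&2
        return 1
    fi
    # Keep the last known-good file next to the live one.
    cp -p "$live" "$live.prev" || return 1
    cp "$cand" "$live" || return 1
    if ! $PFCTL -f "$live" >/dev/null 2>&1; then
        # Parsed cleanly but failed to load: put the old rules back.
        cp -p "$live.prev" "$live"
        $PFCTL -f "$live" >/dev/null 2>&1
        echo "load failed: restored $live.prev" >&2
        return 2
    fi
    return 0
}
```

On a firewall without out-of-band access, call `pf_deploy /root/pf.conf.new /etc/pf.conf` (paths are placeholders) instead of editing the live file and reloading by hand.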