[HN Gopher] What every IT person needs to know about OpenBSD Par...
       ___________________________________________________________________
        
       What every IT person needs to know about OpenBSD Part 3: That
       packet filter
        
       Author : zdw
       Score  : 54 points
       Date   : 2021-11-20 18:40 UTC (4 hours ago)
        
 (HTM) web link (blog.apnic.net)
 (TXT) w3m dump (blog.apnic.net)
        
       | john37386 wrote:
       | I used pf + carp on OpenBSD in 2004. It was really awesome to
       | failover from 1 firewall to the other without losing tcp + udp
       | states for all the servers and clients behind the cluster. pf is
       | really powerful. pf on OpenBSD even more! Another nice feature
       | is to tweak some tcp options per rule. Let's say you want to
       | fast expire tcp port 443 connections to your cdn servers but
       | still keep normal tcp timeouts for the rest. Nice article.
        
       | user3939382 wrote:
       | Be aware that OpenBSD can, will, and often has, made breaking
       | changes to their packet filter/firewall rule syntax. Keep that in
       | mind if you decide to rely on this for a firewall that's remote
       | and not practical to access but requires patch maintenance
       | without OOB access.
        
       | [deleted]
        
       ___________________________________________________________________
       (page generated 2021-11-20 23:00 UTC)