WhatsNew50.txt revision 254219
What's new in 5.1
=================

General
-------
* all of the tunables can now be set at any time, not just whilst disabled
  or prior to loading rules;

* group identifiers may now be a number or name (universal);

* man pages rewritten;

* tunables can now be set via ipf.conf;

Logging
-------
* ipmon.conf can now be used to generate SNMPv1 and SNMPv2 traps using
  information from log entries from the kernel;

NAT changes
-----------
* DNS proxy for the kernel that can block queries based on domain names;

* FTP proxy can be configured to limit data connections to one or many
  connections per client;

* NAT on IPv6 is now supported;

* rewrite command allows changing both the source and destination address
  in a single NAT rule;

* simple encapsulation can now be configured with ipnat.conf;

* TFTP proxy now included;

Packet Filtering
----------------
* acceptance of ICMP packets for "keep state" rules can be refined through
  the use of filtering rules;

* alternative form for writing rules using simple filtering expressions;

* CIPSO headers now recognised and analysed for filtering on DOI;

* comments can now be a part of a rule and loaded into the kernel and
  thus displayed with ipfstat;

* decapsulation rules allow filtering on inner headers, providing they
  are not encrypted;

* interface names, aside from the one the packet is on, can be present in
  filter rules;

* internally there is now a single list of filter rules, rather than
  separate IPv4 and IPv6 lists;

* rules can now be added with an expiration time, allowing for their
  automatic removal after some period of time;

* single file, ipf.conf, can now be used for both IPv4 and IPv6 rules;

* stateful filtering now allows for limits to be placed on the number
  of distinct hosts allowed per rule;

Pools
-----
* addresses added to a pool via the command line (only!) can be given
  an expiration timeout;

* destination lists are a new type of address pool, primarily for use with
  NAT rdr rules, supporting newer algorithms for target selection;

* raw whois information saved to a file can be used to populate a pool;

Solaris
-------
* use in zones with exclusive IP instances is fully supported.

Tools
-----
* use of matching expressions allows for refining what is displayed or
  flushed;