Hi!

I have just upgraded IPFilter to the latest version (3.4.25)
on NetBSD -current. You must recompile kernel and the ipf
tools to use the new version:

# (cd /usr/src/sys && make includes)
# (cd /usr/src/usr.sbin/ipf && make dependall install)

After reboot you should see this message:

IP Filter: v3.4.25 initialized.  Default = pass all, Logging = enabled

I have tested this on i386 and alpha and things seem to work
without any errors. If you detect errors (or have improvements),
please send a problem report with the send-pr tool.

Changes since 3.4.23:

* fix NULL-pointer dereference in NAT code (kern/15685)
* always print IPv6 icmp-types as a number
* impose some rules about what "skip" can be used with
* fix parsing problems with "keep state" and "keep state-age"
* Try to read as much data as is in the log device in ipmon
* remove some redundant checks when searching for rdr/nat rules
* fix bug in handling of ACCT with FTP proxy
* increase array size for interface names, using LIFNAMSIZ
* retain rule # in state information
* log the direction of a packet so ipmon gets it right rather than incorrectly
  deriving it from the rule flags
* add #ifdef for IPFILTER_LOGSIZE (put options IPFILTER_LOGSIZE=16384 in BSD
  kernel config files to increase that buffer size)
* recognise return-* rules differently to block in ipftest
* add regression testing for skip rules, logging and using head/group
* fix output of ipmon: was displaying large unsigned ints rather than -1
  when no rules matched.
* make logging code compile into ipftest and add -l command line option to
  dump binary log file (read with ipmon -f) when it finishes.
* protect rule # and group # from interference when checking accounting rules
* add regression testing for log output (text) from ipmon.
* document -b command line option for ipmon

Martti

---
Martti Kuparinen <martti.kuparinen@iki.fi>      NetBSD - No media hype
http://www.iki.fi/~kuparine/                    http://www.netbsd.org/