Hi!

I have just upgraded IPFilter to the latest version (3.4.27) on
NetBSD -current. You must recompile kernel and the ipf tools to
use the new version:

# (cd /usr/src/sys && make includes)
# (cd /usr/src/usr.sbin/ipf && make dependall install)

After reboot you should see this message:

IP Filter: v3.4.27 initialized.  Default = pass all, Logging = enabled

I have tested this on i386 and things seem to work without any errors.
If you detect errors (or have improvements), please send a problem report
with the send-pr tool.

Changes since 3.4.25:

* fix parsing and printing of NAT rules with regression tests
* adjust TCP checksums inside ICMP errors
* fix the macros defined for SIOCAUTHR and SIOCAUTHW
* fix the H.323 proxy so it no longer panics
* fix comparing state information to delete state table entries
* flag packets as being "bad state" if they're outside the window
* be stricter about what packets match a TCP state table entry
* add patches to handle TCP window scaling
* don't update TCP state table entries if the packet is not considered to be
  part of the connection
* ipfs wasn't allowing -i command line option in getopt
* more regression tests added

Martti

---
Martti Kuparinen <martti.kuparinen@iki.fi>      NetBSD - No media hype
http://www.iki.fi/kuparine/                     http://www.netbsd.org/