For the moment (scope of the first version):

Network configuration
  - static
  - DHCP
  - PPPoE
  - (CARP) + pfsync + confsync

Firewall rules
  - firewall
  - nat
  - rdr
  - logging

THAT'S ALL FOLKS !

Filtering
  http://www.openbsd.org/faq/pf/options.html#state-policy
  http://www.openbsd.org/faq/pf/filter.html
  - antispoof / urpf-failed: reverse-path check on every ruleset, i.e.
        block in quick from urpf-failed
  - tables: ALWAYS refer to a file (never an inline list), so the list can be
    edited and reloaded without touching the ruleset
  - macros: ONLY exist for ports and interfaces (no rule fragments in macros,
    see the $pre / $post horror below)
  - comments on a block of rules or on a single rule
  - sqlite backend: bad ... but needed

ANCHORS !!!
  http://www.openbsd.org/faq/pf/anchors.html
  - anchor = group of rules, shown with its own sub-colour in the GUI

TABLES
  - persist / const flags
  - Ex: table <goodguys> { 192.0.2.0/24, !192.0.2.5 }
  - dynamic interface address resolution -> put the interface in parentheses,
    e.g. (ep0), so pf re-resolves the address when it changes instead of
    freezing the value seen at load time

External file referenced (for custom edits)
  - could be included anywhere in the ruleset
  - independent parsing / validation
  - independent activation / logging (block / match)

Pending / validation
  - awaiting version management
  - awaiting management approval

Logging
  - extensive use of the pflogd syntax
  - separate audit files
  - separate alerting files (monitoring daemon ?)

Group interfaces !!! (what a feature)
  - configured through
        ifconfig <interface> group <group-name>
    and then referenced by group name in the rules

NAT
  - source NAT with address pools
  - static-port (needed for SIP / STUN)
  - TCP proxying: http://www.openbsd.org/faq/pf/rdr.html#tcpproxy

Macros: WTF !?!? (this is why macros stay restricted to ports / interfaces)
        pre = "pass in quick on ep0 inet proto tcp from "
        post = "to any port { 80, 6667 } keep state"
        $pre 21.14.24.80 $post
        $pre 24.2.74.79 $post
        $pre 24.2.74.178 $post

Comment / rule association example
  Input:
        # block
        # of
        # comment
        rule 1
        # comment 2
        unmatched ruleset

        couldn't be parsed
        rule 2
  >>> parsed as:
        comment[0]: block\nof\ncomment    rule[0]: rule 1
        comment[1]: comment 2             text[0]: unmatched ruleset\n\ncouldn't be parsed
                                          rule[1]: rule 2
  i.e. a run of comment lines attaches to the next entry (rule or not), and a
  run of unparseable lines (blank lines included) is kept as one text entry so
  nothing is lost when the file is written back.

Logging / reporting
  http://www.openbsd.org/faq/pf/logging.html

TODO: Packet tagging: does it make things easier to understand ?
  http://www.openbsd.org/faq/pf/tagging.html

LB (not for the moment)
  http://www.openbsd.org/faq/pf/pools.html
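The comment / rule / text association sketched in the example above, as an added example (not code from these notes or from the tool they describe): a Python parser that reproduces the page's own output for its sample ruleset, plus a round-trip emitter, run as well over a constructed pf.conf sample that uses the features noted above (table loaded from a file, urpf-failed, (egress) parentheses, the egress interface group, static-port). The keyword-based recogniser looks_like_pf_rule is an assumption that stands in for real validation with pfctl -nf; the names, paths and addresses in both samples are made up.

```python
import re

# Constructed sample: the page's own comment / rule / text example, where the
# placeholder lines "rule 1" and "rule 2" stand in for real pf rules.
PAGE_EXAMPLE = """\
# block
# of
# comment
rule 1
# comment 2
unmatched ruleset

couldn't be parsed
rule 2
"""

# Constructed sample in real pf.conf syntax (names, paths and addresses are
# made up) plus two leftover lines that pfctl would reject.
PF_EXAMPLE = """\
# tables always come from a file; persist lets pfctl -T edit them live
table <admins> persist file "/etc/pf/admins"
# antispoof plus the reverse-path check
antispoof quick for egress
block in quick from urpf-failed
# SIP / STUN need the source port preserved; (egress) re-resolves the address
match out on egress inet from 10.0.0.0/8 nat-to (egress) static-port
# leftover from the old config, not pf.conf syntax
this line is not pf
(nor this)

pass in quick on egress proto tcp from <admins> to (egress) port 22
"""

# Stand-in for real validation (the tool should run `pfctl -nf` or a grammar):
# a line is a "rule" if it starts with a pf.conf keyword or is a macro
# assignment.  Assumption of this example; a line that starts with a macro
# reference, like the page's `$pre 21.14.24.80 $post`, is NOT accepted.
PF_KEYWORDS = {"pass", "block", "match", "anchor", "table", "set", "scrub",
               "nat", "rdr", "binat", "antispoof", "queue", "altq", "load",
               "include"}
MACRO_ASSIGN = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=\s*\S")


def looks_like_pf_rule(line):
    return line.split(None, 1)[0] in PF_KEYWORDS or MACRO_ASSIGN.match(line) is not None


def is_page_placeholder(line):
    # recogniser for the page's "rule N" placeholders
    return line.startswith("rule ")


def parse_ruleset(text, is_rule=looks_like_pf_rule):
    """Split a ruleset into entries {"kind": "rule" | "text", "comment", "body"}.

    A run of '#' lines is one comment block attached to the next entry, rule or
    not.  A run of unparseable lines is one 'text' entry; blank lines inside
    the run are kept so it re-emits unchanged; blank lines elsewhere are dropped.
    """
    entries, comment, blanks = [], [], 0
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            blanks += 1
            continue
        if line.lstrip().startswith("#"):
            comment.append(line.lstrip()[1:].strip())
            blanks = 0
            continue
        pending = "\n".join(comment) if comment else None
        last = entries[-1] if entries else None
        if is_rule(line):
            entries.append({"kind": "rule", "comment": pending, "body": line})
        elif last is not None and last["kind"] == "text" and pending is None:
            last["body"] += "\n" * (blanks + 1) + line      # extend the text run
        else:
            entries.append({"kind": "text", "comment": pending, "body": line})
        comment, blanks = [], 0
    if comment:     # trailing comment with nothing below it: keep it, empty body
        entries.append({"kind": "text", "comment": "\n".join(comment), "body": ""})
    return entries


def describe(entries):
    """Render entries the way the page does: comment[i], rule[i], text[i]."""
    out, ci, counts = [], 0, {"rule": 0, "text": 0}
    for e in entries:
        if e["comment"] is not None:
            out.append("comment[%d]: %s" % (ci, e["comment"]))
            ci += 1
        out.append("%s[%d]: %s" % (e["kind"], counts[e["kind"]], e["body"]))
        counts[e["kind"]] += 1
    return out


def emit(entries):
    """Write a parsed ruleset back out: comment block first, then the body."""
    lines = []
    for e in entries:
        if e["comment"] is not None:
            lines.extend("# " + c for c in e["comment"].split("\n"))
        if e["body"]:
            lines.append(e["body"])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for item in describe(parse_ruleset(PAGE_EXAMPLE, is_page_placeholder)):
        print(item)
    print("--- round trip ok:", emit(parse_ruleset(PAGE_EXAMPLE, is_page_placeholder)) == PAGE_EXAMPLE)
```

Unparseable lines are deliberately kept rather than dropped: the tool can refuse to activate such a ruleset (the "independent validation" item above) while still showing the operator exactly what was in the file, and emit() gives back the same text for the page's sample. Blank lines between entries are not preserved, so a round trip is only byte-exact when the input has none outside text runs.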