cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options
src/sys/netinet ip_input.c ip_output.c
Gleb Smirnoff
glebius at freebsd.org
Tue Feb 22 18:59:33 GMT 2005
Thanks!
Since a new additional kernel option is now required to obtain a
functionality, that was present before without this option, this change
deserves a note in UPDATING and probably in 5.4 release notes.
On Tue, Feb 22, 2005 at 05:40:41PM +0000, Andre Oppermann wrote:
A> andre 2005-02-22 17:40:41 UTC
A>
A> FreeBSD src repository
A>
A> Modified files:
A> sbin/ipfw ipfw.8
A> sys/conf NOTES options
A> sys/netinet ip_input.c ip_output.c
A> Log:
A> Bring back the full packet destination manipulation for 'ipfw fwd'
A> with the kernel compile time option:
A>
A> options IPFIREWALL_FORWARD_EXTENDED
A>
A> This option has to be specified in addition to IPFIRWALL_FORWARD.
A>
A> With this option even packets targeted for an IP address local
A> to the host can be redirected. All restrictions to ensure proper
A> behaviour for locally generated packets are turned off. Firewall
A> rules have to be carefully crafted to make sure that things like
A> PMTU discovery do not break.
A>
A> Document the two kernel options.
A>
A> PR: kern/71910
A> PR: kern/73129
A> MFC after: 1 week
A>
A> Revision Changes Path
A> 1.167 +14 -1 src/sbin/ipfw/ipfw.8
A> 1.1301 +6 -0 src/sys/conf/NOTES
A> 1.494 +1 -0 src/sys/conf/options
A> 1.297 +12 -0 src/sys/netinet/ip_input.c
A> 1.240 +5 -1 src/sys/netinet/ip_output.c
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the cvs-all
mailing list