5.1->5.2

Guido van Rooij guido at gvr.org
Fri Jan 16 01:27:12 PST 2004


On Thu, Jan 15, 2004 at 05:04:59PM -0500, Robert Watson wrote:
> 
> IPFILTER now relies on the PFIL_HOOKS kernel option; this is something
> that is somewhat poorly documented, and we should add it to the errata I
> suspect.  If you add "options PFIL_HOOKS" to your kernel config, it should
> work.  Moving to PFIL_HOOKS for all the "funky IP input/output" features is
> a goal for 5.3 (in fact, I believe Sam has it almost entirely done in one
> of his development branches), and should both simplify the input/output
> paths, and also simplify locking for the IP stack.  So the change is for a
> good cause :-).
> 

That reminds me: is there a way to influence the order in which
the various packages are hooked up? E.g. I can imagine
a situation where you want IPfilter NATting and ipfw filtering.
In such a scenario you want to be able to specify _exactly_
that ipfilter comes before ipfw when packets come in, and vice
versa when packets go out.

-Guido


More information about the freebsd-hackers mailing list