ipfw(8) lookup tables now available for RELENG_4

Chuck Swiger cswiger at mac.com
Thu Jun 10 23:11:47 GMT 2004


Ruslan Ermilov wrote:
> For those of you interested, here you can find a patch that
> adds the IPFW2 lookup tables feature to RELENG_4:
> 
> http://people.FreeBSD.org/~ru/patches/ipfw_tables.patch
> 
> I plan to commit it next Friday.  Feedback is appreciated.

Was the patch not made relative to /usr/src?  The diff applied cleanly, but I 
had to invoke 'patch -p0' for it to find the files.

Anyway, I just finished rebuilding kernel and world, so the changes compile 
fine, and it looks like my machine rebooted cleanly.  Seems to work okay with 
a trivial IPFW2 ruleset, I haven't tried anything more complicated:

00100  78 25096 allow ip from any to any via lo0
00200   0     0 deny ip from any to 127.0.0.0/8
00300   0     0 deny ip from 127.0.0.0/8 to any
65000 513 53267 allow ip from any to any

	---

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
         The Regents of the University of California. All rights reserved.
FreeBSD 4.10-STABLE #2: Thu Jun 10 18:41:59 EDT 2004
     root at sec.pkix.net:/usr/obj/usr/src/sys/NORMAL
Timecounter "i8254"  frequency 1193182 Hz
CPU: Intel(R) Celeron(TM) CPU                1400MHz (933.37-MHz 686-class 
CPU)  Origin = "GenuineIntel"  Id = 0x6b4  Stepping = 4
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PA
real memory  = 201326592 (196608K bytes)
avail memory = 191160320 (186680K bytes)
Preloaded elf kernel "kernel" at 0xc0480000.
VESA: v3.0, 4096k memory, flags:0x1, mode table:0xc03f9642 (1000022)
VESA: STB Velocity 128 (RIVA 128)
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 8 entries at 0xc00fdf40
apm0: <APM BIOS> on motherboard
apm0: found APM BIOS v1.2, connected at v1.2
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443LX (440 LX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
[ ... ]
DUMMYNET initialized (011031)
BRIDGE 020214 loaded
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to 
accept, logging limited to 100 packets/entry by default
IPsec: Initialized Security Association Processing.
ad0: 8223MB <ST38410A> [16708/16/63] at ata0-master UDMA33
Mounting root from ufs:/dev/ad0s2a

Thanks for the work to MFC this...

-- 
-Chuck



More information about the freebsd-stable mailing list