git: 6b8183c70caa - stable/12 - ipfw.8: Adjust section for loader tunables
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 02 Oct 2023 09:10:00 UTC
The branch stable/12 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=6b8183c70caaa4c8b29e8528d86ff99616da4d47 commit 6b8183c70caaa4c8b29e8528d86ff99616da4d47 Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2023-09-28 04:58:44 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2023-10-02 09:08:55 +0000 ipfw.8: Adjust section for loader tunables Move the descriptions of loader tunables from section 'SYSCTL VARIABLES' to section 'LOADER TUNABLES'. See also 49197c391b3d (ipfw: Add sysctl flag CTLFLAG_TUN to loader tunables). MFC after: 2 days Differential Revision: https://reviews.freebsd.org/D41981 (cherry picked from commit 12349f38898f231ca803dcf526bac88cb1b5cd2b) (cherry picked from commit bb6f9a95402a6c3ab8167481b81465f8ad5016fc) (cherry picked from commit e31a331ddda6ffcb711bb950794be5d53e537e2a) --- sbin/ipfw/ipfw.8 | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 512ad5baf90e..cdf9cc29fe3b 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 25, 2023 +.Dd September 28, 2023 .Dt IPFW 8 .Os .Sh NAME @@ -3683,6 +3683,16 @@ or .Xr kenv 1 before ipfw module gets loaded. .Bl -tag -width indent +.It Va net.inet.ip.fw.enable : No 1 +Enables the firewall. +Setting this variable to 0 lets you run your machine without +firewall even if compiled in. +.It Va net.inet6.ip6.fw.enable : No 1 +provides the same functionality as above for the IPv6 case. +.It Va net.link.ether.ipfw : No 0 +Controls whether layer2 packets are passed to +.Nm . +Default is no. .It Va net.inet.ip.fw.default_to_accept : No 0 Defines ipfw last rule behavior. This value overrides @@ -4076,12 +4086,6 @@ Keep dynamic states on rule/set deletion. States are relinked to default rule (65535). This can be handly for ruleset reload. Turned off by default. -.It Va net.inet.ip.fw.enable : No 1 -Enables the firewall. -Setting this variable to 0 lets you run your machine without -firewall even if compiled in. -.It Va net.inet6.ip6.fw.enable : No 1 -provides the same functionality as above for the IPv6 case. .It Va net.inet.ip.fw.one_pass : No 1 When set, the packet exiting from the .Nm dummynet @@ -4098,10 +4102,6 @@ Enables verbose messages. Limits the number of messages produced by a verbose firewall. .It Va net.inet6.ip6.fw.deny_unknown_exthdrs : No 1 If enabled packets with unknown IPv6 Extension Headers will be denied. -.It Va net.link.ether.ipfw : No 0 -Controls whether layer2 packets are passed to -.Nm . -Default is no. .It Va net.link.bridge.ipfw : No 0 Controls whether bridged packets are passed to .Nm .