cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c

Gleb Smirnoff glebius at freebsd.org
Tue Feb 22 23:58:27 GMT 2005


On Wed, Feb 23, 2005 at 02:12:33AM +0300, Maxim Konovalov wrote:
M> > Since a new additional kernel option is now required to obtain
M> > functionality that was present before without this option, this change
M> > deserves a note in UPDATING and probably in 5.4 release notes.
M> 
M> POLA violation detected, please update UPDATING.

Yes. To keep POLA, an option IP_FIREWALL_LIMITED should be used. Turning
this option on should lead to a limited functionality of the 'fwd' keyword
that we have now by default. A kernel without this option should retain
the same ipfw fwd behavior that we have had for many years.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE

