any reason not to enable IPDIVERT for ipfw module?

Freddie Cash fjwcash at gmail.com
Sat Nov 1 01:28:29 UTC 2014


On Oct 31, 2014 12:12 PM, "John-Mark Gurney" <jmg at funkthat.com> wrote:
>
> Can any one think of a good reason not to enable IPDIVERT sockets in
> the ipfw module?
>
> And possibly enabling default to accept?   That way you don't have to
> go to the console when you load the ipfw module because you forgot to
> auto add the accept all rule? :)

You can change the default rule to accept via loader.conf and it will be
set when the module is loaded.

net.inet.ip.fw.default_to_accept or something like that.


> something like:
> ==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 -
/home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ====
> --- /tmp/tmp.15774.16   2014-10-31 12:11:56.000000000 -0700
> +++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile
 2014-10-31 12:11:54.000000000 -0700
> @@ -16,7 +16,10 @@
>  #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
>  #
>  #If you want it to pass all packets by default
> -#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
> +CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
> +#
> +#If you want divert sockets
> +CFLAGS+= -DIPDIVERT
>  #
>
>  .include <bsd.kmod.mk>
>
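Review bot: Uncommenting CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT in this hunk makes accept-all the compile-time default for every build of the module, which is a fail-open default for a firewall. I would leave that line commented and limit the patch to the -DIPDIVERT addition, since the reply above notes the default can be set per host from loader.conf. The two "If you want ..." comments also no longer match their lines, because both flags are now set unconditionally; reword them if the lines stay enabled.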
> --
>   John-Mark Gurney                              Voice: +1 415 225 5579
>
>      "All that I will do, has been done, All that I have, has not."


More information about the freebsd-arch mailing list