kern/57428: a couple of new sysctl to toggle which IP firewall
(IPFW or IPF) would process packets first
Pawel Malachowski
pawmal-posting at freebsd.lublin.pl
Tue Sep 30 15:10:21 PDT 2003
The following reply was made to PR kern/57428; it has been noted by GNATS.
From: Pawel Malachowski <pawmal-posting at freebsd.lublin.pl>
To: ale at unixmania.net
Cc: FreeBSD-gnats-submit at freebsd.org
Subject: Re: kern/57428: a couple of new sysctl to toggle which IP firewall (IPFW or IPF) would process packets first
Date: Wed, 1 Oct 2003 00:07:15 +0200
> >Description:
> Sometimes in my job as netadmin I found that the possibility to choose
> which IP firewall, among IPFW(2) and IPFilter, would process packets
> first would be a very useful thing. Think about complex firewall
> rules where a single IP firewall is not enough because of the very good
> NAT capabilities of IPF and/or the fine bandwidth control of IPFW.
> By default the FreeBSD kernel processes IPFilter hooks before IPFW ones.
> The attached patch, while style(9)-istically absolutely horrible ;),
> allows toggling this default for both input and output packets.
> A few days of testing on a moderately loaded home server said it seems
> to work as expected, but it definitely needs more testing.
Just for audit-trail: this PR is also related to kern/46564.
--
Paweł Małachowski