make buildkernel failed related to ip_divert module
Julian Elischer
julian at elischer.org
Tue Oct 26 11:19:17 PDT 2004
John Hay wrote:
>>>Is there any harm in making IPFIREWALL_FORWARD default for the ipfw
>>>module? For that matter, why have a separate FORWARD option and not
>>>just have it as part of the standard firewall stuff?
>>>
>>>
>>The reason is simple. FORWARD modifies the entire ip_input(), ip_output()
>>and tcp_input() path. This is not something that should be in stock kernels
>>unless you want to use 'ipfw fwd' (which is only a minority).
>>
>>
>
>Ok, what about another module, called say ipfwfwd or something, that is
>ipfw compiled with forwarding? Then one can just load the one
>apropriate for you.
>
no you misunderstood what he said..the IPFIREWALL_FORWARD option not
only modifies the
ipfw module but also modifies teh IP stack..
a special ipfw module would only have done half the change.. I don't
know how it would fail...
catastrophic or not, but it would definitly fail to work..
More information about the freebsd-current
mailing list