ipfw output FWD broken on 6.1 and newer?
Freddie Cash
fcash at ocis.net
Thu Aug 3 15:29:53 UTC 2006

On Wed, August 2, 2006 5:45 pm, Julian Elischer wrote:
> I haven't tried 7.x yet but has anyone seen
> the FWD command of ipfw running on 6.1?
>
> or anyone know of problems with it that may have been fixed on
> -current?

It's working fine for us here. Been using the same kernel config file
(with the needed changes from 4.x to 5.x to 6.x) and ruleset on our
firewalls. They started life as FreeBSD 4.2 boxes, were upgraded
through to 4.11, and then re-installed with 6.0 and finally upgraded
to 6.1.

The kernel config section for our firewall kernels is just:

# Firewall options
options IPSTEALTH
options IPDIVERT
options DUMMYNET
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=500
options IPFIREWALL_DEFAULT_TO_ACCEPT

We used fwd rules a lot for our VPN links between schools, and a
couple of sites use them for transparent proxying using
squid+dansguardian. Haven't had any issues so far.

We've never included the _EXTENDED option, nor really seen a need for
it (or a problem without it).

HTH,
----
Freddie Cash
fcash at ocis.net
More information about the freebsd-current mailing list