ipwf dummynet vs. kernel NAT and firewall rules
Mark Felder
feld at FreeBSD.org
Thu Mar 10 19:35:42 UTC 2016
On Thu, Mar 10, 2016, at 00:53, Ian Smith wrote:
> On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote:
> > On 9 Mar, Don Lewis wrote:
> > > On 9 Mar, Don Lewis wrote:
> > >> On 9 Mar, Don Lewis wrote:
> > >>> On 9 Mar, Freddie Cash wrote:
> > >>>>
> > >>>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1?
> > >>>
> > >>> Aha, I've got it set to 1.
>
> I observe that in 99 cases out of 100, the default of 1 is undesired,
> but it's too late to do anything but advise people - thanks Freddie!
>
Is there any reason why we shouldn't just change the default for
11-RELEASE?
--
Mark Felder
ports-secteam member
feld at FreeBSD.org
More information about the freebsd-ipfw
mailing list