Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2
Andrey V. Elsukov
bu7cher at yandex.ru
Sun May 20 18:47:48 UTC 2018
On 20.05.2018 11:00, 藍挺瑋 wrote:
> Hello,
>
> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
> to be able to reload firewall rules with 'service ipfw restart' without breaking
> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
> man page, will it be brought back in future versions, or there will be an
> alternative solution for firewall rules reload?
Hi,
I'll try to implement this feature in this new implementation and will
report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
I'm sorry about that.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20180520/e643b226/attachment.sig>
More information about the freebsd-ipfw
mailing list