Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2
Rodney W. Grimes
freebsd-rwg at pdx.rh.CN85.dnsmgr.net
Thu May 24 15:18:53 UTC 2018
> Hello,
>
> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
> to be able to reload firewall rules with 'service ipfw restart' without breaking
> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
> man page, will it be brought back in future versions, or will there be an
> alternative solution for firewall rules reload?
As a follow-up to this discussion, there has been a merge of code
into the stable/11 branch that should be in the 11.2-BETA3 build
that corrects this missing sysctl. Could you please test this
build when it comes out and provide feedback on how it works
for you?
Thanks,
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-ipfw
mailing list