svn commit: r346181 - in stable/11: etc/defaults etc/rc.d share/man/man5

Andrey V. Elsukov ae at FreeBSD.org
Tue Sep 3 14:07:36 UTC 2019 

Author: ae
Date: Sat Apr 13 09:06:36 2019
New Revision: 346181
URL: https://svnweb.freebsd.org/changeset/base/346181

Log:
  MFC r345450:
    Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
  
    modules by declaring corresponding variables in rc.conf. Also document
    them in rc.conf(5).
  
    Submitted by:	Dries Michiels
    Differential Revision:	https://reviews.freebsd.org/D19673
  
  MFC r345985:
    Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf

Modified:
  stable/11/etc/defaults/rc.conf
  stable/11/etc/rc.d/ipfw
  stable/11/share/man/man5/rc.conf.5
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/etc/defaults/rc.conf
==============================================================================
--- stable/11/etc/defaults/rc.conf	Sat Apr 13 08:55:49 2019	(r346180)
+++ stable/11/etc/defaults/rc.conf	Sat Apr 13 09:06:36 2019	(r346181)
@@ -168,6 +168,9 @@ firewall_nologports="135-139,445 1026,1027 1433,1434" 
 firewall_nat_enable="NO"	# Enable kernel NAT (if firewall_enable == YES)
 firewall_nat_interface=""	# Public interface or IPaddress to use
 firewall_nat_flags=""		# Additional configuration parameters
+firewall_nat64_enable="NO"	# Enable kernel NAT64 module.
+firewall_nptv6_enable="NO"	# Enable kernel NPTv6 module.
+firewall_pmod_enable="NO"	# Enable kernel protocols modification module.
 dummynet_enable="NO"		# Load the dummynet(4) module
 ipfw_netflow_enable="NO"	# Enable netflow logging via ng_netflow
 ip_portrange_first="NO"		# Set first dynamically allocated port

Modified: stable/11/etc/rc.d/ipfw
==============================================================================
--- stable/11/etc/rc.d/ipfw	Sat Apr 13 08:55:49 2019	(r346180)
+++ stable/11/etc/rc.d/ipfw	Sat Apr 13 09:06:36 2019	(r346181)
@@ -34,6 +34,15 @@ ipfw_prestart()
 	if checkyesno firewall_nat_enable; then
 		required_modules="$required_modules ipfw_nat"
 	fi
+	if checkyesno firewall_nat64_enable; then
+		required_modules="$required_modules ipfw_nat64"
+	fi
+	if checkyesno firewall_nptv6_enable; then
+		required_modules="$required_modules ipfw_nptv6"
+	fi
+	if checkyesno firewall_pmod_enable; then
+		required_modules="$required_modules ipfw_pmod"
+	fi
 }
 
 ipfw_start()

Modified: stable/11/share/man/man5/rc.conf.5
==============================================================================
--- stable/11/share/man/man5/rc.conf.5	Sat Apr 13 08:55:49 2019	(r346180)
+++ stable/11/share/man/man5/rc.conf.5	Sat Apr 13 09:06:36 2019	(r346181)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 17, 2017
+.Dd March 21, 2019
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -568,9 +568,11 @@ equivalent of
 .Va natd_enable .
 Setting this to
 .Dq Li YES
-enables kernel NAT.
+will automatically load the
+.Xr ipfw 8
+NAT kernel module if
 .Va firewall_enable
-must also be set to
+is also set to
 .Dq Li YES .
 .It Va firewall_nat_interface
 .Pq Vt str
@@ -583,6 +585,36 @@ kernel NAT should run.
 .It Va firewall_nat_flags
 .Pq Vt str
 Additional configuration parameters for kernel NAT should be placed here.
+.It Va firewall_nat64_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+NAT64 kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
+.It Va firewall_nptv6_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+NPTv6 kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
+.It Va firewall_pmod_enable
+.Pq Vt bool
+Setting this to
+.Dq Li YES
+will automatically load the
+.Xr ipfw 8
+pmod kernel module if
+.Va firewall_enable
+is also set to
+.Dq Li YES .
 .It Va dummynet_enable
 .Pq Vt bool
 Setting this to

More information about the svn-src-all mailing list