svn commit: r321128 - in head: etc/rc.d share/man/man5
Emmanuel Vadot
manu at FreeBSD.org
Tue Jul 18 14:02:04 UTC 2017
Author: manu
Date: Tue Jul 18 14:02:02 2017
New Revision: 321128
URL: https://svnweb.freebsd.org/changeset/base/321128
Log:
ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
While here correct some value in rc.conf(5) to be int and not str.
Sponsored by: Gandi.net
Modified:
head/etc/rc.d/ipfw_netflow
head/share/man/man5/rc.conf.5
Modified: head/etc/rc.d/ipfw_netflow
==============================================================================
--- head/etc/rc.d/ipfw_netflow Tue Jul 18 08:54:35 2017 (r321127)
+++ head/etc/rc.d/ipfw_netflow Tue Jul 18 14:02:02 2017 (r321128)
@@ -54,7 +54,7 @@ ipfw_netflow_status()
ipfw_netflow_start()
{
ipfw_netflow_is_running && err 1 "ipfw_netflow is already active"
- ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any
+ ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook} ip from any to any ${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}
ngctl -f - <<-EOF
mkpeer ipfw: netflow ${ipfw_netflow_hook} iface0
name ipfw:${ipfw_netflow_hook} netflow
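Review bot: The new `${ipfw_netflow_fib:+fib ${ipfw_netflow_fib}}` on the `ipfw add` line is expanded unquoted and with no check that the value is numeric. Whatever rc.conf holds is word-split and appended to the firewall rule as extra tokens. The man page part of this commit documents the variable as an int, so the script should enforce that before building the rule, for example with a `case` test that accepts only digits and otherwise calls `err 1` with a message, in the same way the line above does for the already-active case. The `:+` form is a good choice here, since an empty value is treated the same as an unset one and the rule falls back to matching all FIBs.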
Modified: head/share/man/man5/rc.conf.5
==============================================================================
--- head/share/man/man5/rc.conf.5 Tue Jul 18 08:54:35 2017 (r321127)
+++ head/share/man/man5/rc.conf.5 Tue Jul 18 14:02:02 2017 (r321128)
@@ -602,12 +602,12 @@ By default a ipfw rule is inserted and all packets are
the ngtee command and netflow packets are sent to 127.0.0.1 on the netflow
port using protocol version 5.
.It Va ipfw_netflow_hook
-.Pq Vt str
+.Pq Vt int
netflow hook name, must be numerical
(default
.Pa 9995 ) .
.It Va ipfw_netflow_rule
-.Pq Vt str
+.Pq Vt int
ipfw rule number
(default
.Pa 1000 ) .
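Review bot: With `ipfw_netflow_hook` and `ipfw_netflow_rule` now marked `.Pq Vt int`, the entries still do not say which values are accepted, and the rc.d hunk shows both being substituted straight into `ipfw add ${ipfw_netflow_rule} ngtee ${ipfw_netflow_hook}`. Stating the valid range for each in this hunk would let an administrator catch a bad value when editing rc.conf rather than at service start. The phrase "must be numerical" in the hook entry is also redundant once the type reads int and could be dropped.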
@@ -617,13 +617,18 @@ Destination server ip for receiving netflow data
(default
.Pa 127.0.0.1 ) .
.It Va ipfw_netflow_port
-.Pq Vt str
+.Pq Vt int
Destination server port for receiving netflow data
(default
.Pa 9995 ) .
.It Va ipfw_netflow_version
-.Pq Vt str
+.Pq Vt int
Do not set for using version 5 of the netflow protocol, set it to 9 for using version 9.
+.It Va ipfw_netflow_fib
+.Pq Vt int
+Only match packet in FIB
+.Pa ipfw_netflow_fib
+(default is undefined meaning all FIBs).
.It Va natd_program
.Pq Vt str
Path to
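Review bot: In the new `ipfw_netflow_fib` entry, `.Pa ipfw_netflow_fib` marks a variable name with the path macro; `.Va` is the macro this list already uses for variables in its `.It Va` lines. The sentence is also self-referential ("Only match packet in FIB ipfw_netflow_fib"); something like "Only match packets in this FIB" reads better and fixes the singular "packet". The entry should also say which FIB numbers are valid, since the rc.d script passes the value on without checking it. Separately, `ipfw_netflow_version` is now typed int but its text still lists no default in the `(default ...)` form used by the neighbouring entries.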