| Summary: | a couple of new sysctl to toggle which IP firewall (IPFW or IPF) would process packets first | | |
|---|---|---|---|
| Product: | Base System | Reporter: | ale <ale> |
| Component: | kern | Assignee: | Andre Oppermann <andre> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | | |
| Priority: | Normal | | |
| Version: | 4.7-STABLE | | |
| Hardware: | Any | | |
| OS: | Any | | |
Description
ale
2003-09-30 22:50:26 UTC
> >Description:
> Sometimes in my job as netadmin I found that the possibility to choose
> which IP firewall, among IPFW(2) and IPFilter, would process packets
> first would be a very useful thing. Think about complex firewall
> rules where a single IP firewall is not enough because of the very good
> NAT capabilities of IPF and/or the fine bandwidth control of IPFW.
> By default the FreeBSD kernel processes IPFilter hooks before IPFW ones.
> The attached patch, while style(9)-istically absolutely horrible ;),
> allows toggling this default for both input and output packets.
> A few days of testing on a moderately loaded home server said it seems
> to work as expected, but it definitely needs more testing.
Just for audit-trail: this PR is also related to kern/46564.
--
Paweł Małachowski
State Changed
From-To: open->closed

See kern/46564 for description.

Responsible Changed
From-To: freebsd-bugs->andre

Take over.