Bug 129024 - [patch] ipfw(8) improvements
Summary: [patch] ipfw(8) improvements
Status: Open
Alias: None
Product: Documentation
Classification: Unclassified
Component: Manual Pages (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Gordon Bergling
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2008-11-20 20:20 UTC by kes-kes
Modified: 2020-11-14 23:38 UTC (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description kes-kes 2008-11-20 20:20:01 UTC
     divert port
	     Divert packets that match this rule to the divert(4) socket bound
-	     to port port.  The search terminates.
+	     to port port.  The search terminates. however,
+	     on exit from the pipe and if the sysctl(8) variable
+	     net.inet.ip.fw.one_pass is not set, the packet is passed again to
+            the firewall code starting from the next rule.

     fwd | forward ipaddr | tablearg[,port]
	     Change the next-hop on matching packets to ipaddr, which can be
	     an IP address or a host name.  The next hop can also be supplied
	     by the last table looked up for the packet by using the tablearg
	     keyword instead of an explicit address.  The search terminates if
-	     this rule matches.
+	     this rule matches. however,
+	     on exit from the pipe and if the sysctl(8) variable
+	     net.inet.ip.fw.one_pass is not set, the packet is passed again to
+            the firewall code starting from the next rule.


-----------------

-     addr: [not] {any | me | me6 | table(number[,value]) | addr-list |
-             addr-set}
+     addr: [not] {any | me | me6 | iface | table(number[,value]) | addr-list |
+             addr-set}

     any     matches any IP address.

-     me      matches any IP address configured on an interface in the system.
+     me      matches any IP address configured on any interface in the system.

     me6     matches any IPv6 address configured on an interface in the sys-
             tem.  The address list is evaluated at the time the packet is an-
             alysed.

+     iface   where iface is interface on system. In this case
+             addresses configures only on this interface will match

------------------
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2008-11-20 22:40:32 UTC
Responsible Changed
From-To: freebsd-bugs->freebsd-doc

Reclassify.
Comment 2 Giorgos Keramidas freebsd_committer 2009-01-27 00:01:56 UTC
Responsible Changed
From-To: freebsd-doc->keramida

Parts of this look interesting.  I'll take care of that.
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2015-03-10 03:04:28 UTC
Release to wild.
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2020-09-01 00:37:10 UTC
^Triage: reset inaccurate In Progress state.