When natd tries to reinject a packet which is denied by a (later) ipfw rule, annoying log messages of the form:

natd[pid]: failed to write packet back (Permission denied)

are generated. This patch adds an option to suppress these messages.

Fix:

Apply patch from: http://www.batmule.dk/FreeBSD/natd.EACCES.udiff
Add "-nolog_ipfw_denied" to natd command line
Messages suppressed.

The patch has been tested on 3 moderately used firewalls for nearly 5+ months without any noticeable ill effects.

How-To-Repeat:

Install FreeBSD on system with two network cards. Set up NAT'ing. Add an ipfw rule after the divert rule denying traffic. Watch the log messages.

State Changed From-To: open->closed
With my MAINTAINER hat on, I don't like this option. This error usually indicates a misconfigured firewall. It is almost always possible to write firewall rules that do not result in EACCES from firewall.

State Changed From-To: closed->open
I will reconsider introducing this option.

Responsible Changed From-To: freebsd-bugs->ru
I'm the maintainer of natd(8).

State Changed From-To: open->closed
The new option -log_ipfw_denied was introduced, active by default with the -verbose option.