Can anyone think of a good reason not to enable IPDIVERT sockets in the ipfw module?
And possibly enabling default to accept? That way you don't have to go to the console when you load the ipfw module because you forgot to auto add the accept all rule? :) something like:

==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 - /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ==== --- /tmp/tmp.15774.16 2014-10-31 12:11:56.000000000 -0700 +++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile 2014-10-31 12:11:54.000000000 -0700 @@ -16,7 +16,10 @@ #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100 # #If you want it to pass all packets by default -#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT +CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT +# +#If you want divert sockets +CFLAGS+= -DIPDIVERT # .include <bsd.kmod.mk>

-- John-Mark Gurney Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
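
Review bot: The uncommented `CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT` line builds the module to pass all packets by default, as the comment directly above it says, so everyone who builds from this Makefile gets a fail-open firewall whenever the module is loaded before any rules exist. That is a policy change for all users, made to save a trip to the console; consider leaving that line commented out, or splitting it from the `-DIPDIVERT` addition into its own patch so the default-policy change can be judged separately. The new `#If you want divert sockets` comment also reads as an opt-in while the line under it is enabled unconditionally; reword the comment if on-by-default is the intent.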