On Oct 31, 2014 12:12 PM, "John-Mark Gurney" <j...@funkthat.com> wrote:
>
> Can anyone think of a good reason not to enable IPDIVERT sockets in
> the ipfw module?
>
> And possibly enabling default to accept? That way you don't have to
> go to the console when you load the ipfw module because you forgot to
> auto add the accept all rule? :)

You can change the default rule to accept via loader.conf and it will be set when the module is loaded. net.inet.ip.fw.default_to_accept or something like that.

> something like:
> ==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 - /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ==== > --- /tmp/tmp.15774.16 2014-10-31 12:11:56.000000000 -0700 > +++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile 2014-10-31 12:11:54.000000000 -0700 > @@ -16,7 +16,10 @@ > #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100 > # > #If you want it to pass all packets by default > -#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT > +CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT > +# > +#If you want divert sockets > +CFLAGS+= -DIPDIVERT > # > > .include <bsd.kmod.mk>
>
> --
> John-Mark Gurney Voice: +1 415 225 5579
>
> "All that I will do, has been done, All that I have, has not."
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
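
Review bot: The uncommented `CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT` line makes every build of the module pass all packets by default, so a host that loads ipfw without a ruleset ends up unfiltered instead of failing closed; the hunk applies this to all users of the module rather than only those who ask for it. Since the reply points out that the same behaviour can be set per host from loader.conf, consider leaving this line commented and mentioning the tunable in the comment above it instead. The comments "#If you want it to pass all packets by default" and "#If you want divert sockets" also still describe optional settings while both `CFLAGS+=` lines are now unconditional, so either reword them to say the options are enabled by default or keep the options commented out. The `-DIPDIVERT` change is independent of the default-policy change and would be easier to review and revert as a separate commit.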