Re: Request for policy decision: kernel nat vs/and/or natd

Ian Smith wrote in <20110108220300.q15...@sola.nimnet.asn.au>: sm> On Sat, 8 Jan 2011 15:02:29 +1100, Ian Smith wrote: sm> > On Fri, 7 Jan 2011, Brandon Gooch wrote: sm> > > On Thu, Dec 23, 2010 at 8:58 AM, Ian Smith wrote: sm> [..] sm> > > > We could: sm> > > > sm> > > > 1) Preferen

CFR: ipfw0 pseudo-interface clonable

Hi, I created the attached patch to make the current ipfw0 pseudo-interface clonable. The functionality of ipfw0 logging interface is not changed by this patch, but the ipfw0 pseudo-interface is not created by default and can be created with the following command: # ifconfig ipfw0 create

Re: CFR: ipfw0 pseudo-interface clonable

"Alexander V. Chernikov" wrote in <4f96d11b.2060...@freebsd.org>: me> On 24.04.2012 19:26, Hiroki Sato wrote: me> > Hi, me> > me> > I created the attached patch to make the current ipfw0 me> > pseudo-interface clonable. The functionality of ipf

Re: CFR: ipfw0 pseudo-interface clonable

"Alexander V. Chernikov" wrote in <4f96e71b.9020...@freebsd.org>: me> On 24.04.2012 21:05, Hiroki Sato wrote: me> > "Alexander V. Chernikov" wrote me> >in<4f96d11b.2060...@freebsd.org>: me> > me> > me> On 24.04.2012 19:

Re: CFR: ipfw0 pseudo-interface clonable

Hiroki Sato wrote in <20120425.020518.406495893112283552@allbsd.org>: hr> "Alexander V. Chernikov" wrote hr> in <4f96d11b.2060...@freebsd.org>: hr> hr> me> On 24.04.2012 19:26, Hiroki Sato wrote: hr> me> > Hi, hr> me> > hr> me&g

net.inet{,6}.fw.enable in /etc/rc

Hi, I would like your comments about the attached patch to /etc/rc. The problem I want to fix by this patch is as follows. net.inet{,6}.fw.enable are set to 1 by default at boot time if IPFW kernel module is loaded or statically compiled into a kernel. And by default IPFW has only a "deny i

Re: net.inet{,6}.fw.enable in /etc/rc

Julian Elischer wrote in <542155fb.9020...@freebsd.org>: ju> On 9/23/14, 2:01 AM, Andrey V. Elsukov wrote: ju> > On 21.09.2014 09:58, Hiroki Sato wrote: ju> >> Hi, ju> >> ju> >> I would like your comments about the attached patch to /etc/rc. ju>

Re: net.inet{,6}.fw.enable in /etc/rc

Ian Smith wrote in <20141003025830.d48...@sola.nimnet.asn.au>: sm> which rules will be flushed when /etc/rc.d/ipfw runs, but should enable sm> DHCP to work? I'm not sure whether those rules are exactly correct or sm> sufficient for DHCP, but principle is to anly allow what's necessary in sm> t

Re: net.inet{,6}.fw.enable in /etc/rc

Ian Smith wrote in <20141013202423.j56...@sola.nimnet.asn.au>: sm> Anyway, looking at rcorder /etc/rc.d/* there are quite a few possible sm> interdependencies to explore before considering moving ipfw, including sm> its relationship to pf - some people do use both - and perhaps routing, sm> bri