Date: Fri, 16 Aug 2002 03:31:48 -0700 (PDT) From: Luigi Rizzo <luigi@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/netinet ip_fw2.c src/sbin/ipfw ipfw.8 ipfw2.c Message-ID: <200208161031.g7GAVmQ7053775@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
luigi 2002/08/16 03:31:47 PDT
Modified files:
sys/netinet ip_fw2.c
sbin/ipfw ipfw.8 ipfw2.c
Log:
sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
for firewall-generated packets (the constant has to go in sys/mbuf.h).
Better comments on keepalive generation, and enforce dyn_rst_lifetime
and dyn_fin_lifetime to be less than dyn_keepalive_period.
Enforce limits (up to 64k) on the number of dynamic buckets, and
retry allocation with smaller sizes.
Raise default number of dynamic rules to 4096.
Improved handling of set of rules -- now you can atomically
enable/disable multiple sets, move rules from one set to another,
and swap sets.
sbin/ipfw/ipfw2.c:
userland support for "noerror" pipe attribute.
userland support for sets of rules.
minor improvements on rule parsing and printing.
sbin/ipfw/ipfw.8:
more documentation on ipfw2 extensions, differences from ipfw1
(so we can use the same manpage for both), stateful rules,
and some additional examples.
Feedback and more examples needed here.
Revision Changes Path
1.106 +370 -67 src/sbin/ipfw/ipfw.8
1.10 +156 -49 src/sbin/ipfw/ipfw2.c
1.9 +116 -47 src/sys/netinet/ip_fw2.c
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208161031.g7GAVmQ7053775>