Date: Tue, 22 Feb 2005 21:59:29 +0300 From: Gleb Smirnoff <glebius@freebsd.org> To: Andre Oppermann <andre@freebsd.org> Cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c Message-ID: <20050222185929.GB16542@cell.sick.ru> In-Reply-To: <200502221740.j1MHefOr065785@repoman.freebsd.org> References: <200502221740.j1MHefOr065785@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks! Since a new additional kernel option is now required to obtain a functionality, that was present before without this option, this change deserves a note in UPDATING and probably in 5.4 release notes. On Tue, Feb 22, 2005 at 05:40:41PM +0000, Andre Oppermann wrote: A> andre 2005-02-22 17:40:41 UTC A> A> FreeBSD src repository A> A> Modified files: A> sbin/ipfw ipfw.8 A> sys/conf NOTES options A> sys/netinet ip_input.c ip_output.c A> Log: A> Bring back the full packet destination manipulation for 'ipfw fwd' A> with the kernel compile time option: A> A> options IPFIREWALL_FORWARD_EXTENDED A> A> This option has to be specified in addition to IPFIRWALL_FORWARD. A> A> With this option even packets targeted for an IP address local A> to the host can be redirected. All restrictions to ensure proper A> behaviour for locally generated packets are turned off. Firewall A> rules have to be carefully crafted to make sure that things like A> PMTU discovery do not break. A> A> Document the two kernel options. A> A> PR: kern/71910 A> PR: kern/73129 A> MFC after: 1 week A> A> Revision Changes Path A> 1.167 +14 -1 src/sbin/ipfw/ipfw.8 A> 1.1301 +6 -0 src/sys/conf/NOTES A> 1.494 +1 -0 src/sys/conf/options A> 1.297 +12 -0 src/sys/netinet/ip_input.c A> 1.240 +5 -1 src/sys/netinet/ip_output.c -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050222185929.GB16542>