Date: Wed, 23 Feb 2005 02:58:23 +0300 From: Gleb Smirnoff <glebius@freebsd.org> To: Maxim Konovalov <maxim@macomnet.ru> Cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c Message-ID: <20050222235823.GB18075@cell.sick.ru> In-Reply-To: <20050223021028.K62189@mp2.macomnet.net> References: <200502221740.j1MHefOr065785@repoman.freebsd.org> <20050222185929.GB16542@cell.sick.ru> <20050223021028.K62189@mp2.macomnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 23, 2005 at 02:12:33AM +0300, Maxim Konovalov wrote: M> > Since a new additional kernel option is now required to obtain a M> > functionality, that was present before without this option, this change M> > deserves a note in UPDATING and probably in 5.4 release notes. M> M> POLA violation detected, please update UPDATING. Yes. To keep POLA an option IP_FIREWALL_LIMITED should be used. Turning this option on should lead to a limited functionality of 'fwd' keyword, that we have now by default. A kernel without this option should retain the same ipfw fwd behavior, that we have had for many years. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050222235823.GB18075>