Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 10 Mar 2016 13:35:41 -0600
From:      Mark Felder <feld@FreeBSD.org>
To:        Ian Smith <smithi@nimnet.asn.au>, Don Lewis <truckman@freebsd.org>
Cc:        freebsd-ipfw@freebsd.org, fjwcash@gmail.com
Subject:   Re: ipwf dummynet vs. kernel NAT and firewall rules
Message-ID:  <1457638541.445340.545617522.5FF4A6BE@webmail.messagingengine.com>
In-Reply-To: <20160310165323.U61428@sola.nimnet.asn.au>
References:  <201603092302.u29N2IYm012240@gw.catspoiler.org> <20160310165323.U61428@sola.nimnet.asn.au>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


On Thu, Mar 10, 2016, at 00:53, Ian Smith wrote:
> On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote:
>  > On  9 Mar, Don Lewis wrote:
>  > > On  9 Mar, Don Lewis wrote:
>  > >> On  9 Mar, Don Lewis wrote:
>  > >>> On  9 Mar, Freddie Cash wrote:
>  > >>>> 
>  > >>>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1?
>  > >>> 
>  > >>> Aha, I've got it set to 1.
> 
> I observe that in 99 cases out of 100, the default of 1 is undesired,
> but it's too late to do anything but advise people - thanks Freddie!
> 

Is there any reason why we shouldn't just change the default for
11-RELEASE?


-- 
  Mark Felder
  ports-secteam member
  feld@FreeBSD.org



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?1457638541.445340.545617522.5FF4A6BE>