Date: Thu, 10 Mar 2016 13:35:41 -0600 From: Mark Felder <feld@FreeBSD.org> To: Ian Smith <smithi@nimnet.asn.au>, Don Lewis <truckman@freebsd.org> Cc: freebsd-ipfw@freebsd.org, fjwcash@gmail.com Subject: Re: ipwf dummynet vs. kernel NAT and firewall rules Message-ID: <1457638541.445340.545617522.5FF4A6BE@webmail.messagingengine.com> In-Reply-To: <20160310165323.U61428@sola.nimnet.asn.au> References: <201603092302.u29N2IYm012240@gw.catspoiler.org> <20160310165323.U61428@sola.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Mar 10, 2016, at 00:53, Ian Smith wrote: > On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote: > > On 9 Mar, Don Lewis wrote: > > > On 9 Mar, Don Lewis wrote: > > >> On 9 Mar, Don Lewis wrote: > > >>> On 9 Mar, Freddie Cash wrote: > > >>>> > > >>>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? > > >>> > > >>> Aha, I've got it set to 1. > > I observe that in 99 cases out of 100, the default of 1 is undesired, > but it's too late to do anything but advise people - thanks Freddie! > Is there any reason why we shouldn't just change the default for 11-RELEASE? -- Mark Felder ports-secteam member feld@FreeBSD.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1457638541.445340.545617522.5FF4A6BE>