From owner-freebsd-ipfw@freebsd.org Thu Mar 10 19:35:42 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B815ACB0C0 for ; Thu, 10 Mar 2016 19:35:42 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 40B3930B for ; Thu, 10 Mar 2016 19:35:42 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4D75120AF5 for ; Thu, 10 Mar 2016 14:35:41 -0500 (EST) Received: from web6 ([10.202.2.216]) by compute4.internal (MEProxy); Thu, 10 Mar 2016 14:35:41 -0500 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=Otq8HDdEfZOt6r3 ylqjYD0nF/jk=; b=hPk6clwsGapm1EOkuIU9IsOvoaPPNc2QigPDOqTb9VwP9Dl FHaeFR3GFaqdautKNRLIj/esYWoVVrPrNxnoSRouMs+5UE6sVodCAkILpgpaSFfE Q7NJnVeLbWhzKbrcKcFhlWlf5eqWkaPpl/X6OnWPtp/Q4aUHWOgR+yX6vFr4= Received: by web6.nyi.internal (Postfix, from userid 99) id 2922C4F5B6; Thu, 10 Mar 2016 14:35:41 -0500 (EST) Message-Id: <1457638541.445340.545617522.5FF4A6BE@webmail.messagingengine.com> X-Sasl-Enc: mlQ24UJphKtGTw1Su/tEMEaOo8zzCoY/UCLHy+GPxQtG 1457638541 From: Mark Felder To: Ian Smith , Don Lewis Cc: freebsd-ipfw@freebsd.org, fjwcash@gmail.com MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-b28110db In-Reply-To: <20160310165323.U61428@sola.nimnet.asn.au> References: <201603092302.u29N2IYm012240@gw.catspoiler.org> <20160310165323.U61428@sola.nimnet.asn.au> Subject: Re: ipwf dummynet vs. kernel NAT and firewall rules Date: Thu, 10 Mar 2016 13:35:41 -0600 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Mar 2016 19:35:42 -0000 On Thu, Mar 10, 2016, at 00:53, Ian Smith wrote: > On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote: > > On 9 Mar, Don Lewis wrote: > > > On 9 Mar, Don Lewis wrote: > > >> On 9 Mar, Don Lewis wrote: > > >>> On 9 Mar, Freddie Cash wrote: > > >>>> > > >>>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? > > >>> > > >>> Aha, I've got it set to 1. > > I observe that in 99 cases out of 100, the default of 1 is undesired, > but it's too late to do anything but advise people - thanks Freddie! > Is there any reason why we shouldn't just change the default for 11-RELEASE? -- Mark Felder ports-secteam member feld@FreeBSD.org