Date: Fri, 29 Dec 2006 21:59:18 +0000 (UTC) From: Paolo Pisati <piso@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/etc rc.firewall src/sbin/ipfw ipfw.8 ipfw2.c src/sys/netinet in.h ip_fw.h ip_fw2.c ip_fw_pfil.c raw_ip.c Message-ID: <200612292159.kBTLxITF046966@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
piso 2006-12-29 21:59:18 UTC
FreeBSD src repository
Modified files:
etc rc.firewall
sbin/ipfw ipfw.8 ipfw2.c
sys/netinet in.h ip_fw.h ip_fw2.c ip_fw_pfil.c
raw_ip.c
Log:
Summer of Code 2005: improve libalias - part 2 of 2
With the second (and last) part of my previous Summer of Code work, we get:
-ipfw's in kernel nat
-redirect_* and LSNAT support
General information about nat syntax and some examples are available
in the ipfw (8) man page. The redirect and LSNAT syntax are identical
to natd, so please refer to natd (8) man page.
To enable in kernel nat in rc.conf, two options were added:
o firewall_nat_enable: equivalent to natd_enable
o firewall_nat_interface: equivalent to natd_interface
Remember to set net.inet.ip.fw.one_pass to 0, if you want the packet
to continue being checked by the firewall ruleset after being
(de)aliased.
NOTA BENE: due to some problems with libalias architecture, in kernel
nat won't work with TSO enabled nic, thus you have to disable TSO via
ifconfig (ifconfig foo0 -tso).
Approved by: glebius (mentor)
Revision Changes Path
1.50 +8 -0 src/etc/rc.firewall
1.198 +114 -0 src/sbin/ipfw/ipfw.8
1.100 +908 -9 src/sbin/ipfw/ipfw2.c
1.97 +5 -0 src/sys/netinet/in.h
1.109 +60 -0 src/sys/netinet/ip_fw.h
1.156 +546 -2 src/sys/netinet/ip_fw2.c
1.24 +6 -0 src/sys/netinet/ip_fw_pfil.c
1.169 +4 -0 src/sys/netinet/raw_ip.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612292159.kBTLxITF046966>