Date: Fri, 24 Jun 2005 15:29:23 +0300 From: Vlad GALU <vladgalu@gmail.com> To: freebsd-net@freebsd.org Subject: Re: ipfilter and ipfw order. Message-ID: <79722fad0506240529209b4781@mail.gmail.com> In-Reply-To: <42BBFB25.2080701@borderware.com> References: <42BBFB25.2080701@borderware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/24/05, ming fu <fming@borderware.com> wrote: > Hi, >=20 > In the 4.x kernel, ipfilter was hardcoded before ipfw in the ip_input(). > However, in the 5.x kernel, they register themselve to the pfil hook. As > there isn't a priority number during the hook up, looks like who ever > register first get to filter the packet first. >=20 > In case I want to preserve the 4.x behaviour of ipf before ipfw in the > input path, how do I reliable achieve that. Link ipfilter statically inside the kernel. Load ipfw as a module. >=20 > Regards, > Ming > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >=20 --=20 If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79722fad0506240529209b4781>