Date: Fri, 31 Oct 2014 18:28:28 -0700
From: Freddie Cash <fjwcash@gmail.com>
To: FreeBSD Arch <freebsd-arch@freebsd.org>, freebsd-net <freebsd-net@freebsd.org>
Subject: Re: any reason not to enable IPDIVERT for ipfw module?
Message-ID: <CAOjFWZ7EZUHi%2B7VgQ53os4MYuZT6SSf89B1dQSPX-SZLrhFzzw@mail.gmail.com>
In-Reply-To: <20141031191212.GO8852@funkthat.com>
References: <20141031191212.GO8852@funkthat.com>

On Oct 31, 2014 12:12 PM, "John-Mark Gurney" <jmg@funkthat.com> wrote:
>
> Can any one think of a good reason not to enable IPDIVERT sockets in
> the ipfw module?
>
> And possibly enabling default to accept? That way you don't have to
> go to the console when you load the ipfw module because you forgot to
> auto add the accept all rule? :)

You can change the default rule to accept via loader.conf and it will be set when the module is loaded.

net.inet.ip.fw.default_to_accept or something like that.

> something like:
> ==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 - /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ==== > --- /tmp/tmp.15774.16 2014-10-31 12:11:56.000000000 -0700 > +++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile 2014-10-31 12:11:54.000000000 -0700 > @@ -16,7 +16,10 @@ > #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100 > # > #If you want it to pass all packets by default > -#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT > +CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT > +# > +#If you want divert sockets > +CFLAGS+= -DIPDIVERT > # > > .include <bsd.kmod.mk>
>
> --
> John-Mark Gurney Voice: +1 415 225 5579
>
> "All that I will do, has been done, All that I have, has not."
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
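
Review bot: The `+CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT` line makes the module fail open for everyone who builds it from this Makefile, which is a separate policy decision from adding divert sockets and should not ride along in the same change. I would split the patch: keep `+CFLAGS+= -DIPDIVERT` as its own change, and leave `#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT` commented out so that default-deny stays the built-in behaviour and accepting by default remains an explicit opt-in, which the reply above notes can already be done from loader.conf without rebuilding. If the defaults do change, the comments `#If you want it to pass all packets by default` and `#If you want divert sockets` also need rewording, since they still describe optional settings while the lines beneath them are now unconditional.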