Date: Tue, 22 Feb 2005 17:40:41 +0000 (UTC) From: Andre Oppermann <andre@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c Message-ID: <200502221740.j1MHefOr065785@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
andre 2005-02-22 17:40:41 UTC
FreeBSD src repository
Modified files:
sbin/ipfw ipfw.8
sys/conf NOTES options
sys/netinet ip_input.c ip_output.c
Log:
Bring back the full packet destination manipulation for 'ipfw fwd'
with the kernel compile time option:
options IPFIREWALL_FORWARD_EXTENDED
This option has to be specified in addition to IPFIRWALL_FORWARD.
With this option even packets targeted for an IP address local
to the host can be redirected. All restrictions to ensure proper
behaviour for locally generated packets are turned off. Firewall
rules have to be carefully crafted to make sure that things like
PMTU discovery do not break.
Document the two kernel options.
PR: kern/71910
PR: kern/73129
MFC after: 1 week
Revision Changes Path
1.167 +14 -1 src/sbin/ipfw/ipfw.8
1.1301 +6 -0 src/sys/conf/NOTES
1.494 +1 -0 src/sys/conf/options
1.297 +12 -0 src/sys/netinet/ip_input.c
1.240 +5 -1 src/sys/netinet/ip_output.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200502221740.j1MHefOr065785>