Date: Sun, 20 May 2018 21:45:23 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: =?UTF-8?B?6JeN5oy655GL?= <lantw44@gmail.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 Message-ID: <8f9ed115-a4ea-c8a2-795b-ce5e77046123@yandex.ru> In-Reply-To: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com> References: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --N73g1YHxN2IoZP7uTUJnZpXuI2EIqLp2T Content-Type: multipart/mixed; boundary="xBgJmD0JyxF7FSbv1yp72NnKRqIbid7LV"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: =?UTF-8?B?6JeN5oy655GL?= <lantw44@gmail.com> Cc: freebsd-ipfw@freebsd.org Message-ID: <8f9ed115-a4ea-c8a2-795b-ce5e77046123@yandex.ru> Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 References: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com> In-Reply-To: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com> --xBgJmD0JyxF7FSbv1yp72NnKRqIbid7LV Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 20.05.2018 11:00, =E8=97=8D=E6=8C=BA=E7=91=8B wrote: > Hello, >=20 > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I f= ound the > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it agai= n to > FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I re= ly on > both 'net.inet.ip.fw.default_to_accept=3D1' and 'net.inet.ip.fw.dyn_kee= p_states=3D1' > to be able to reload firewall rules with 'service ipfw restart' without= breaking > existing TCP connections. As this sysctl variable is still mentioned in= ipfw(8) > man page, will it be brought back in future versions, or there will be = an > alternative solution for firewall rules reload? Hi, I'll try to implement this feature in this new implementation and will report back to you. Unfortunately, it will not appear in 11.2-RELEASE, but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE. I'm sorry about that. --=20 WBR, Andrey V. Elsukov --xBgJmD0JyxF7FSbv1yp72NnKRqIbid7LV-- --N73g1YHxN2IoZP7uTUJnZpXuI2EIqLp2T Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlsBwkMACgkQAcXqBBDI oXpxOwf6AiywyrjRDqKiJbumroijsNej6ePEBtUI94WBY6DiEumw/sYfpLCxOxQ0 +V7uaPw93yQ7k301vA7oqol4EJWXIuYgRT12n6GxRc7mhWisHc+cNFXKkrFMXe4Z iql782JTx/qawTqq4FCvPMUBQCD8qyyNLAPhpw49TtKWRQChpiTqfTXa8d4/MVHR gXwYv83lt85iLrwCAkRaiF5Ae7zzWNQBdiRcAqSHItRaI7GtvS4JreCR4ccnqDnm NNkR15vX3ewg0z5UPOsp+eCT4W8gcQFn/rVwGkLxTMXKtBNNBCUOWjyA5KdoOSjH BJVEYdkHttSyVe6WqehzI1bU/zk5ig== =5h0T -----END PGP SIGNATURE----- --N73g1YHxN2IoZP7uTUJnZpXuI2EIqLp2T--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?8f9ed115-a4ea-c8a2-795b-ce5e77046123>