Date:      Tue, 30 Sep 2003 15:10:19 -0700 (PDT)
From:      Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/57428: a couple of new sysctl to toggle which IP firewall (IPFW or IPF) would process packets first
Message-ID:  <200309302210.h8UMAJkb063928@freefall.freebsd.org>

The following reply was made to PR kern/57428; it has been noted by GNATS.

From: Pawel Malachowski <pawmal-posting@freebsd.lublin.pl>
To: ale@unixmania.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/57428: a couple of new sysctl to toggle which IP firewall (IPFW or IPF) would process packets first
Date: Wed, 1 Oct 2003 00:07:15 +0200

 > >Description:
 > 	Sometimes in my job as netadmin I found that the possibility to choose
 > 	which IP firewall, among IPFW(2) and IPFilter, would process packets
 > 	first would be a very useful thing. Think about complex firewall
 > 	rules where a single IP firewall is not enough because of very good
 > 	NAT capabilities of IPF and/or fine bandwidth control of IPFW.
 > 	By default the FreeBSD kernel processes IPFilter hooks before IPFW ones.
 > 	The attached patch, while style(9)-istically absolutely horrible ;),
 > 	allows toggling that default for both input and output packets.
 > 	A few days of tests on a moderately loaded home server said it seems
 > 	to work as expected, but it definitely needs more testing.
 
 Just for audit-trail: this PR is also related to kern/46564.
 
 
 -- 
 Paweł Małachowski


