Date: Sun, 20 May 2018 16:00:54 +0800 From: =?Big5?Q?=C2=C5=AE=BC=DE=B3?= <lantw44@gmail.com> To: ae@freebsd.org Cc: freebsd-ipfw@freebsd.org Subject: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 Message-ID: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com>
next in thread | raw e-mail | index | archive | help
Hello, I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1' to be able to reload firewall rules with 'service ipfw restart' without breaking existing TCP connections. As this sysctl variable is still mentioned in ipfw(8) man page, will it be brought back in future versions, or there will be an alternative solution for firewall rules reload? Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?22feed0d6b659746619604cb20e2e091b79ca480.camel>