From owner-freebsd-ipfw@freebsd.org Sun May 20 08:01:22 2018
From: 藍挺瑋
To: ae@freebsd.org
Cc: freebsd-ipfw@freebsd.org
Date: Sun, 20 May 2018 16:00:54 +0800
Subject: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2

Hello,

I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
to be able to reload firewall rules with 'service ipfw restart' without breaking
existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
man page, will it be brought back in future versions, or will there be an
alternative solution for firewall rules reload?

Thanks.

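
[Added example, not part of the original message and not code from the FreeBSD project: a POSIX sh pre-flight check for the reload procedure described above. It refuses to run 'service ipfw restart' unless both sysctls the poster relies on exist and are set to 1, so a kernel that lacks net.inet.ip.fw.dyn_keep_states is caught before a reload can cut existing connections. The function names and the SYSCTL_CMD / SERVICE_CMD override variables are assumptions made for illustration.]

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before reloading ipfw.
# SYSCTL_CMD and SERVICE_CMD are hypothetical override hooks so the logic can
# be exercised off-box; on a FreeBSD host they default to sysctl(8) and
# service(8).
SYSCTL_CMD=${SYSCTL_CMD:-sysctl}
SERVICE_CMD=${SERVICE_CMD:-service}

# The two knobs the original poster relies on for a non-disruptive reload.
REQUIRED_KNOBS="net.inet.ip.fw.default_to_accept net.inet.ip.fw.dyn_keep_states"

# ipfw_reload_preflight
#   returns 0 if every required knob exists and reads 1
#   returns 1 if a knob exists but has another value
#   returns 2 if a knob is missing from the running kernel
ipfw_reload_preflight() {
    for knob in $REQUIRED_KNOBS; do
        # 'sysctl -n' prints only the value and exits non-zero for an
        # unknown OID, which is the situation reported in this thread.
        if ! value=$("$SYSCTL_CMD" -n "$knob" 2>/dev/null); then
            echo "preflight: $knob does not exist on this kernel" >&2
            return 2
        fi
        if [ "$value" != "1" ]; then
            echo "preflight: $knob=$value (expected 1)" >&2
            return 1
        fi
    done
    return 0
}

# safe_ipfw_restart
#   runs 'service ipfw restart' only when the pre-flight check passes;
#   otherwise leaves the running ruleset untouched and propagates the
#   pre-flight return code.
safe_ipfw_restart() {
    rc=0
    ipfw_reload_preflight || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing 'service ipfw restart': existing states would not be kept" >&2
        return "$rc"
    fi
    "$SERVICE_CMD" ipfw restart
}
```
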
From owner-freebsd-ipfw@freebsd.org Sun May 20 18:47:48 2018
From: "Andrey V. Elsukov"
To: 藍挺瑋
Cc: freebsd-ipfw@freebsd.org
Date: Sun, 20 May 2018 21:45:23 +0300
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2

On 20.05.2018 11:00, 藍挺瑋 wrote:
> Hello,
>
> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
> to be able to reload firewall rules with 'service ipfw restart' without breaking
> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
> man page, will it be brought back in future versions, or will there be an
> alternative solution for firewall rules reload?

Hi,

I'll try to implement this feature in this new implementation and will
report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
I'm sorry about that.

-- 
WBR, Andrey V. Elsukov

From owner-freebsd-ipfw@freebsd.org Sun May 20 21:00:34 2018
From: bugzilla-noreply@FreeBSD.org
To: ipfw@FreeBSD.org
Date: Sun, 20 May 2018 21:00:32 +0000
Subject: Problem reports for ipfw@FreeBSD.org that need special attention

To view an individual PR, use:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=(Bug Id).

The following is a listing of current problems submitted by FreeBSD users,
which need special attention. These represent problem reports covering
all versions including experimental development code and obsolete releases.

Status      |    Bug Id | Description
------------+-----------+---------------------------------------------------
New         |    215875 | [ipfw] ipfw lookup tables do not support mbuf_tag

1 problems total for which you should take action.

From owner-freebsd-ipfw@freebsd.org Mon May 21 12:41:11 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Date: Mon, 21 May 2018 12:41:09 +0000
Subject: [Bug 228338] ipfw: ambiguous and bad resolving of AAAA hostnames

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228338

bugs.freebsd.org@mx.zzux.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|kern                        |bin

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Mon May 21 14:39:53 2018
From: Julian Elischer
To: "Andrey V. Elsukov", 藍挺瑋
Cc: freebsd-ipfw@freebsd.org
Date: Mon, 21 May 2018 22:39:38 +0800
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2

On 21/5/18 2:45 am, Andrey V. Elsukov wrote:
> On 20.05.2018 11:00, 藍挺瑋 wrote:
>> Hello,
>>
>> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
>> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
>> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
>> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
>> to be able to reload firewall rules with 'service ipfw restart' without breaking
>> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
>> man page, will it be brought back in future versions, or will there be an
>> alternative solution for firewall rules reload?
> Hi,
>
> I'll try to implement this feature in this new implementation and will
> report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
> but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
> I'm sorry about that.
>
I think a better idea would be to specify a rule number rather than just
1 or 0

Or at least be more flexible.

I use a lot of dynamic rules that have actions like 'skipto' or nat

From owner-freebsd-ipfw@freebsd.org Tue May 22 09:48:55 2018
From: Jan Bramkamp
To: freebsd-ipfw@freebsd.org
Date: Tue, 22 May 2018 11:48:50 +0200
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2

On 21.05.18 16:39, Julian Elischer wrote:
> On 21/5/18 2:45 am, Andrey V. Elsukov wrote:
>> On 20.05.2018 11:00, 藍挺瑋 wrote:
>>> Hello,
>>>
>>> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I
>>> found the sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I
>>> upgraded it again to FreeBSD 11.2-BETA2 today, and I still could not
>>> find it. Currently I rely on both 'net.inet.ip.fw.default_to_accept=1'
>>> and 'net.inet.ip.fw.dyn_keep_states=1' to be able to reload firewall
>>> rules with 'service ipfw restart' without breaking existing TCP
>>> connections. As this sysctl variable is still mentioned in ipfw(8)
>>> man page, will it be brought back in future versions, or will there
>>> be an alternative solution for firewall rules reload?
>> Hi,
>>
>> I'll try to implement this feature in this new implementation and will
>> report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
>> but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
>> I'm sorry about that.
>>
> I think a better idea would be to specify a rule number rather than just
> 1 or 0
>
> Or at least be more flexible.
>
> I use a lot of dynamic rules that have actions like 'skipto' or nat

It would be useful to make it part of the rule what should happen to its
dynamic rules on deletion. Another useful solution would be to make it part
of the set's semantics and offer the option to swap the rule semantics
atomically with rule set swaps to allow for ruleset updates without losing
state.

From owner-freebsd-ipfw@freebsd.org Tue May 22 21:31:31 2018
From: bugzilla-noreply@freebsd.org
To: ipfw@FreeBSD.org
Date: Tue, 22 May 2018 21:31:30 +0000
Subject: [Bug 228332] ipfw crashes with lookup tables or similiar configurations on ryzen

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228332

--- Comment #2 from SF ---
Since reconfiguring my firewall with this knowledge I am experiencing no
kernel-panics anymore. My computer is completely stable.

-- 
You are receiving this mail because:
You are the assignee for the bug.

From owner-freebsd-ipfw@freebsd.org Thu May 24 15:18:53 2018
From: "Rodney W. Grimes"
To: 藍挺瑋
Cc: ae@freebsd.org, freebsd-ipfw@freebsd.org
Date: Thu, 24 May 2018 08:18:48 -0700 (PDT)
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2

> Hello,
>
> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
> to be able to reload firewall rules with 'service ipfw restart' without breaking
> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
> man page, will it be brought back in future versions, or will there be an
> alternative solution for firewall rules reload?

As a follow up to this discussion, there has been a merge of code
into the stable/11 branch that should be in the 11.2-BETA3 build
that corrects this missing sysctl, could you please test this
build when it comes out and provide feedback to how it works
for you.

Thanks,
-- 
Rod Grimes                                                 rgrimes@freebsd.org

From owner-freebsd-ipfw@freebsd.org Fri May 25 13:42:54 2018
1z7JCPUsHKeEB5PawddTCDw1iRp21VBQ83zOgBueuVV1lvNq/CB8cxBdG0RMY47gavH3 ow6Q== X-Gm-Message-State: ALKqPwe637u1De3L0dPFWCj0lGPFLBza2hofum08POGLYMiUQaUEiJfW lny167zfGaDT9TdeF2F/YfByyXM9 X-Google-Smtp-Source: AB8JxZp7M5NMqP4pLJ7QTTXFpGkWqOF+xUOZIhtAafacOscyzoEre0TjAfwdoM1TYod3UrRb+43lRA== X-Received: by 2002:a17:902:aa03:: with SMTP id be3-v6mr2695287plb.61.1527255772387; Fri, 25 May 2018 06:42:52 -0700 (PDT) Received: from [192.168.1.92] (123-204-232-139.adsl.dynamic.seed.net.tw. [123.204.232.139]) by smtp.gmail.com with ESMTPSA id 65-v6sm47840385pgj.22.2018.05.25.06.42.50 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Fri, 25 May 2018 06:42:51 -0700 (PDT) Message-ID: <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com> Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 From: =?Big5?Q?=C2=C5=AE=BC=DE=B3?= To: "Rodney W. Grimes" Cc: ae@freebsd.org, freebsd-ipfw@freebsd.org Date: Fri, 25 May 2018 21:42:14 +0800 In-Reply-To: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> References: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.29.3 Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Fri, 25 May 2018 13:52:35 +0000 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 May 2018 13:42:54 -0000 於 星期四,2018-05-24 於 08:18 -0700,Rodney W. Grimes 提到: > > Hello, > > > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found > > the > > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to > > FreeBSD 11.2-BETA2 today, and I still could not find it. 
> > Currently I rely on both 'net.inet.ip.fw.default_to_accept=1' and
> > 'net.inet.ip.fw.dyn_keep_states=1' to be able to reload firewall rules
> > with 'service ipfw restart' without breaking existing TCP connections.
> > As this sysctl variable is still mentioned in ipfw(8) man page, will it
> > be brought back in future versions, or there will be an alternative
> > solution for firewall rules reload?
>
> As a follow-up to this discussion, there has been a merge of code
> into the stable/11 branch that should be in the 11.2-BETA3 build
> that corrects this missing sysctl,

It is nice to know this!

> could you please test this
> build when it comes out and provide feedback to how it works
> for you.

Yes, I will test it. I already tested it on 11.2-BETA2 by manually applying
patches from r333986 and 334039, and it worked fine for me.

>
> Thanks,

From owner-freebsd-ipfw@freebsd.org Sat May 26 12:44:27 2018
Message-ID: <4bfc2e4e553e6b8620122cdd7562c6ebd810beba.camel@gmail.com>
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2
From: =?Big5?Q?=C2=C5=AE=BC=DE=B3?=
To: "Rodney W. Grimes"
Cc: ae@freebsd.org, freebsd-ipfw@freebsd.org
Date: Sat, 26 May 2018 20:43:40 +0800
In-Reply-To: <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com>
References: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com>

On Fri, 2018-05-25 at 21:42 +0800, 藍挺瑋 wrote:
> On Thu, 2018-05-24 at 08:18 -0700, Rodney W. Grimes wrote:
> > > Hello,
> > >
> > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I
> > > found the sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded
> > > it again to FreeBSD 11.2-BETA2 today, and I still could not find it.
> > > Currently I rely on both 'net.inet.ip.fw.default_to_accept=1' and
> > > 'net.inet.ip.fw.dyn_keep_states=1' to be able to reload firewall rules
> > > with 'service ipfw restart' without breaking existing TCP connections.
> > > As this sysctl variable is still mentioned in ipfw(8) man page, will it
> > > be brought back in future versions, or there will be an alternative
> > > solution for firewall rules reload?
> >
> > As a follow-up to this discussion, there has been a merge of code
> > into the stable/11 branch that should be in the 11.2-BETA3 build
> > that corrects this missing sysctl,
>
> It is nice to know this!
>
> > could you please test this
> > build when it comes out and provide feedback to how it works
> > for you.
>
> Yes, I will test it. I already tested it on 11.2-BETA2 by manually applying
> patches from r333986 and 334039, and it worked fine for me.

I just upgraded my desktop to FreeBSD 11.2-BETA3. net.inet.ip.fw.dyn_keep_states is available and works for me.
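
A pre-flight check for the reload procedure discussed in this thread, added here as an example and not posted by any participant: it refuses to run 'service ipfw restart' unless both sysctls named above exist and are set to 1, so a kernel that lacks net.inet.ip.fw.dyn_keep_states (the 11.2-BETA1/BETA2 symptom) is caught before the ruleset is touched. The function names and the SYSCTL override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: guard 'service ipfw restart' on the two knobs the thread relies on.
# SYSCTL is an assumption of this example; it lets the check be pointed at a stub.
SYSCTL="${SYSCTL:-sysctl}"

# Print the value of one sysctl; non-zero status when the OID is unknown.
read_oid() {
    $SYSCTL -n "$1" 2>/dev/null
}

# Return codes:
#   0  both OIDs exist and are 1
#   1  an OID exists but is not 1
#   2  an OID is missing from the running kernel
ipfw_reload_safe() {
    for oid in net.inet.ip.fw.default_to_accept \
               net.inet.ip.fw.dyn_keep_states; do
        val=$(read_oid "$oid") || {
            echo "missing sysctl: $oid" >&2
            return 2
        }
        [ "$val" = "1" ] || {
            echo "$oid=$val, expected 1" >&2
            return 1
        }
    done
    return 0
}

# Restart only when the check passes; otherwise leave the running ruleset alone.
guarded_restart() {
    ipfw_reload_safe || return $?
    service ipfw restart
}

# Typical use from a reload wrapper (not executed here):
#   guarded_restart || echo "ipfw restart skipped" >&2
```
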