Date: Sun, 18 Feb 2001 00:39:24 +0000 From: Chris Elsworth <chrise@demon.net> To: Mike Bytnar <mbytnar@auvo.com> Cc: stable@FreeBSD.ORG, Bradley Kite <bradley@rug-rats.org> Subject: Re: ipfw query.. Message-ID: <20010218003924.B12575@demon.net> In-Reply-To: <3A8D41B9.F79358D3@auvo.com>; from mbytnar@auvo.com on Fri, Feb 16, 2001 at 09:05:29am -0600 References: <20010215130342.A95395@demon.net> <20010215135309.A23654@rug-rats.org> <3A8BE217.7AF6BFBD@herculeez.com> <20010215140949.A96244@demon.net> <3A8D41B9.F79358D3@auvo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Feb 16, 2001 at 09:05:29am -0600, Mike Bytnar wrote: > sysctl -w net.inet.ip.fw.one_pass=0 > > This flag allows packets to pass through the pipes, until they are accepted by a > pass or fail rule. But the configuration can be tricky. > Another way is to place your packet processing (such as natd) first, then pass > through the pipes. Well, I don't need natd or anything - the only stuff I need to do (this FreeBSD box is acting as a bridge) is pass the packets through the pipe and then to the firewall rules to determine whether to drop the packet or not. The order isn't important so long as it all gets done.. It currently doesn't - the sysctl command doesn't fix it, either.. -- Chris Elsworth tel: 020 8371 1041 _ . Systems Administrator mob: 07968 324 693 demon @ thus . . Web & Hosting Team chrise@demon.net http://www.demon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010218003924.B12575>