Date: Thu, 24 May 2018 08:18:48 -0700 (PDT) From: "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net> To: "[?Big5?]" <lantw44@gmail.com> Cc: ae@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 Message-ID: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> In-Reply-To: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> Hello, > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to > FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on > both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1' > to be able to reload firewall rules with 'service ipfw restart' without breaking > existing TCP connections. As this sysctl variable is still mentioned in ipfw(8) > man page, will it be brought back in future versions, or there will be an > alternative solution for firewall rules reload? As a follow up to this discusion, there has been a merge of code into the stable/11 branch that should be in the 11.2-BETA3 build that corrects this missing sysctl, could you please test this build when it comes out and provide feed back to how it works for you. Thanks, -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201805241518.w4OFIm64041005>