Date: Fri, 25 May 2018 21:42:14 +0800 From: =?Big5?Q?=C2=C5=AE=BC=DE=B3?= <lantw44@gmail.com> To: "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net> Cc: ae@freebsd.org, freebsd-ipfw@freebsd.org Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2 Message-ID: <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com> In-Reply-To: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> References: <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
於 星期四,2018-05-24 於 08:18 -0700,Rodney W. Grimes 提到: > > Hello, > > > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found > > the > > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to > > FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on > > both 'net.inet.ip.fw.default_to_accept=1' and > > 'net.inet.ip.fw.dyn_keep_states=1' > > to be able to reload firewall rules with 'service ipfw restart' without > > breaking > > existing TCP connections. As this sysctl variable is still mentioned in > > ipfw(8) > > man page, will it be brought back in future versions, or there will be an > > alternative solution for firewall rules reload? > > As a follow up to this discusion, there has been a merge of code > into the stable/11 branch that should be in the 11.2-BETA3 build > that corrects this missing sysctl, It is nice to know this! > could you please test this > build when it comes out and provide feed back to how it works > for you. Yes, I will test it. I already tested it on 11.2-BETA2 by manually applying patches from r333986 and 334039, and it worked fine for me. > > Thanks,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001c64d4ba91726229d1139fd1331f09e80d0c68.camel>