From owner-cvs-all@FreeBSD.ORG  Tue Feb 22 17:40:41 2005
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4CB5116A4CE; Tue, 22 Feb 2005 17:40:41 +0000 (GMT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 30B4343D5C; Tue, 22 Feb 2005 17:40:41 +0000 (GMT)
	(envelope-from andre@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j1MHef8U065786;
	Tue, 22 Feb 2005 17:40:41 GMT
	(envelope-from andre@repoman.freebsd.org)
Received: (from andre@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j1MHefOr065785;
	Tue, 22 Feb 2005 17:40:41 GMT
	(envelope-from andre)
Message-Id: <200502221740.j1MHefOr065785@repoman.freebsd.org>
From: Andre Oppermann <andre@FreeBSD.org>
Date: Tue, 22 Feb 2005 17:40:41 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options
 src/sys/netinet ip_input.c ip_output.c
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: CVS commit messages for the entire tree <cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Feb 2005 17:40:41 -0000

andre       2005-02-22 17:40:41 UTC

  FreeBSD src repository

  Modified files:
    sbin/ipfw            ipfw.8 
    sys/conf             NOTES options 
    sys/netinet          ip_input.c ip_output.c 
  Log:
  Bring back the full packet destination manipulation for 'ipfw fwd'
  with the kernel compile time option:
  
   options IPFIREWALL_FORWARD_EXTENDED
  
  This option has to be specified in addition to IPFIRWALL_FORWARD.
  
  With this option even packets targeted for an IP address local
  to the host can be redirected.  All restrictions to ensure proper
  behaviour for locally generated packets are turned off.  Firewall
  rules have to be carefully crafted to make sure that things like
  PMTU discovery do not break.
  
  Document the two kernel options.
  
  PR:             kern/71910
  PR:             kern/73129
  MFC after:      1 week
  
  Revision  Changes    Path
  1.167     +14 -1     src/sbin/ipfw/ipfw.8
  1.1301    +6 -0      src/sys/conf/NOTES
  1.494     +1 -0      src/sys/conf/options
  1.297     +12 -0     src/sys/netinet/ip_input.c
  1.240     +5 -1      src/sys/netinet/ip_output.c