From owner-cvs-all@FreeBSD.ORG Tue Feb 22 18:59:33 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2F78F16A4CE; Tue, 22 Feb 2005 18:59:33 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D4ED43D1D; Tue, 22 Feb 2005 18:59:32 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1MIxUu2040232 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Tue, 22 Feb 2005 21:59:31 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.1/8.12.8) with ESMTP id j1MIxUID016752 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 22 Feb 2005 21:59:30 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.1/8.13.1/Submit) id j1MIxTVi016751; Tue, 22 Feb 2005 21:59:30 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Tue, 22 Feb 2005 21:59:29 +0300 From: Gleb Smirnoff To: Andre Oppermann Message-ID: <20050222185929.GB16542@cell.sick.ru> References: <200502221740.j1MHefOr065785@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <200502221740.j1MHefOr065785@repoman.freebsd.org> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2005 18:59:33 -0000 Thanks! Since a new additional kernel option is now required to obtain a functionality, that was present before without this option, this change deserves a note in UPDATING and probably in 5.4 release notes. On Tue, Feb 22, 2005 at 05:40:41PM +0000, Andre Oppermann wrote: A> andre 2005-02-22 17:40:41 UTC A> A> FreeBSD src repository A> A> Modified files: A> sbin/ipfw ipfw.8 A> sys/conf NOTES options A> sys/netinet ip_input.c ip_output.c A> Log: A> Bring back the full packet destination manipulation for 'ipfw fwd' A> with the kernel compile time option: A> A> options IPFIREWALL_FORWARD_EXTENDED A> A> This option has to be specified in addition to IPFIRWALL_FORWARD. A> A> With this option even packets targeted for an IP address local A> to the host can be redirected. All restrictions to ensure proper A> behaviour for locally generated packets are turned off. Firewall A> rules have to be carefully crafted to make sure that things like A> PMTU discovery do not break. A> A> Document the two kernel options. A> A> PR: kern/71910 A> PR: kern/73129 A> MFC after: 1 week A> A> Revision Changes Path A> 1.167 +14 -1 src/sbin/ipfw/ipfw.8 A> 1.1301 +6 -0 src/sys/conf/NOTES A> 1.494 +1 -0 src/sys/conf/options A> 1.297 +12 -0 src/sys/netinet/ip_input.c A> 1.240 +5 -1 src/sys/netinet/ip_output.c -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE