Date: Sat, 13 Apr 2019 09:06:36 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r346181 - in stable/11: etc/defaults etc/rc.d share/man/man5 Message-ID: <201904130906.x3D96aB2077980@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Sat Apr 13 09:06:36 2019 New Revision: 346181 URL: https://svnweb.freebsd.org/changeset/base/346181 Log: MFC r345450: Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod modules by declaring corresponding variables in rc.conf. Also document them in rc.conf(5). Submitted by: Dries Michiels Differential Revision: https://reviews.freebsd.org/D19673 MFC r345985: Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf Modified: stable/11/etc/defaults/rc.conf stable/11/etc/rc.d/ipfw stable/11/share/man/man5/rc.conf.5 Directory Properties: stable/11/ (props changed) Modified: stable/11/etc/defaults/rc.conf ============================================================================== --- stable/11/etc/defaults/rc.conf Sat Apr 13 08:55:49 2019 (r346180) +++ stable/11/etc/defaults/rc.conf Sat Apr 13 09:06:36 2019 (r346181) @@ -168,6 +168,9 @@ firewall_nologports="135-139,445 1026,1027 1433,1434" firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES) firewall_nat_interface="" # Public interface or IPaddress to use firewall_nat_flags="" # Additional configuration parameters +firewall_nat64_enable="NO" # Enable kernel NAT64 module. +firewall_nptv6_enable="NO" # Enable kernel NPTv6 module. +firewall_pmod_enable="NO" # Enable kernel protocols modification module. dummynet_enable="NO" # Load the dummynet(4) module ipfw_netflow_enable="NO" # Enable netflow logging via ng_netflow ip_portrange_first="NO" # Set first dynamically allocated port Modified: stable/11/etc/rc.d/ipfw ============================================================================== --- stable/11/etc/rc.d/ipfw Sat Apr 13 08:55:49 2019 (r346180) +++ stable/11/etc/rc.d/ipfw Sat Apr 13 09:06:36 2019 (r346181) @@ -34,6 +34,15 @@ ipfw_prestart() if checkyesno firewall_nat_enable; then required_modules="$required_modules ipfw_nat" fi + if checkyesno firewall_nat64_enable; then + required_modules="$required_modules ipfw_nat64" + fi + if checkyesno firewall_nptv6_enable; then + required_modules="$required_modules ipfw_nptv6" + fi + if checkyesno firewall_pmod_enable; then + required_modules="$required_modules ipfw_pmod" + fi } ipfw_start() Modified: stable/11/share/man/man5/rc.conf.5 ============================================================================== --- stable/11/share/man/man5/rc.conf.5 Sat Apr 13 08:55:49 2019 (r346180) +++ stable/11/share/man/man5/rc.conf.5 Sat Apr 13 09:06:36 2019 (r346181) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd December 17, 2017 +.Dd March 21, 2019 .Dt RC.CONF 5 .Os .Sh NAME @@ -568,9 +568,11 @@ equivalent of .Va natd_enable . Setting this to .Dq Li YES -enables kernel NAT. +will automatically load the +.Xr ipfw 8 +NAT kernel module if .Va firewall_enable -must also be set to +is also set to .Dq Li YES . .It Va firewall_nat_interface .Pq Vt str @@ -583,6 +585,36 @@ kernel NAT should run. .It Va firewall_nat_flags .Pq Vt str Additional configuration parameters for kernel NAT should be placed here. +.It Va firewall_nat64_enable +.Pq Vt bool +Setting this to +.Dq Li YES +will automatically load the +.Xr ipfw 8 +NAT64 kernel module if +.Va firewall_enable +is also set to +.Dq Li YES . +.It Va firewall_nptv6_enable +.Pq Vt bool +Setting this to +.Dq Li YES +will automatically load the +.Xr ipfw 8 +NPTv6 kernel module if +.Va firewall_enable +is also set to +.Dq Li YES . +.It Va firewall_pmod_enable +.Pq Vt bool +Setting this to +.Dq Li YES +will automatically load the +.Xr ipfw 8 +pmod kernel module if +.Va firewall_enable +is also set to +.Dq Li YES . .It Va dummynet_enable .Pq Vt bool Setting this to
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904130906.x3D96aB2077980>