From owner-cvs-all@FreeBSD.ORG Tue Feb 22 23:58:27 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A642716A4CE; Tue, 22 Feb 2005 23:58:27 +0000 (GMT) Received: from relay.bestcom.ru (relay.bestcom.ru [217.72.144.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id C087143D45; Tue, 22 Feb 2005 23:58:26 +0000 (GMT) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (root@cell.sick.ru [217.72.144.68]) by relay.bestcom.ru (8.13.1/8.12.9) with ESMTP id j1MNwOjN043856 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Wed, 23 Feb 2005 02:58:24 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.1/8.12.8) with ESMTP id j1MNwNl8018228 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 23 Feb 2005 02:58:24 +0300 (MSK) (envelope-from glebius@freebsd.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.1/8.13.1/Submit) id j1MNwN3u018227; Wed, 23 Feb 2005 02:58:23 +0300 (MSK) (envelope-from glebius@freebsd.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@freebsd.org using -f Date: Wed, 23 Feb 2005 02:58:23 +0300 From: Gleb Smirnoff To: Maxim Konovalov Message-ID: <20050222235823.GB18075@cell.sick.ru> References: <200502221740.j1MHefOr065785@repoman.freebsd.org> <20050222185929.GB16542@cell.sick.ru> <20050223021028.K62189@mp2.macomnet.net> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <20050223021028.K62189@mp2.macomnet.net> User-Agent: Mutt/1.5.6i X-Virus-Scanned: ClamAV version devel-20050125, clamav-milter version 0.80ff on relay.bestcom.ru X-Virus-Status: Clean cc: cvs-src@freebsd.org cc: src-committers@freebsd.org cc: Andre Oppermann cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options src/sys/netinet ip_input.c ip_output.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2005 23:58:27 -0000 On Wed, Feb 23, 2005 at 02:12:33AM +0300, Maxim Konovalov wrote: M> > Since a new additional kernel option is now required to obtain a M> > functionality, that was present before without this option, this change M> > deserves a note in UPDATING and probably in 5.4 release notes. M> M> POLA violation detected, please update UPDATING. Yes. To keep POLA an option IP_FIREWALL_LIMITED should be used. Turning this option on should lead to a limited functionality of 'fwd' keyword, that we have now by default. A kernel without this option should retain the same ipfw fwd behavior, that we have had for many years. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE