From owner-freebsd-stable@FreeBSD.ORG  Mon Dec 17 13:37:07 2007
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5366816A418
	for <freebsd-stable@freebsd.org>; Mon, 17 Dec 2007 13:37:07 +0000 (UTC)
	(envelope-from Stephen.Clark@seclark.us)
Received: from smtpout09.prod.mesa1.secureserver.net
	(smtpout09-04.prod.mesa1.secureserver.net [64.202.165.17])
	by mx1.freebsd.org (Postfix) with SMTP id 306AC13C4CC
	for <freebsd-stable@freebsd.org>; Mon, 17 Dec 2007 13:37:06 +0000 (UTC)
	(envelope-from Stephen.Clark@seclark.us)
Received: (qmail 21509 invoked from network); 17 Dec 2007 13:37:06 -0000
Received: from unknown (24.144.77.185)
	by smtpout09-04.prod.mesa1.secureserver.net (64.202.165.17) with ESMTP;
	17 Dec 2007 13:37:06 -0000
Message-ID: <47667B82.80306@seclark.us>
Date: Mon, 17 Dec 2007 08:37:06 -0500
From: Stephen Clark <Stephen.Clark@seclark.us>
User-Agent: Mozilla Thunderbird 1.0.8-1.1.fc4 (X11/20060501)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: IP Filter
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: Stephen.Clark@seclark.us
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2007 13:37:07 -0000

Hello List,

Can someone tell me why ipf_nattable_max is not a sysctl variable. The 
only way to change this currently
is via a edit the source and rebuild.

It looks like it would be as simple as adding:
SYSCTL_IPF(_net_inet_ipf, OID_AUTO, pf_nattable_max, CTLFLAG_RWO,
           &ipf_nattable_max, 0, "");
to mlfk_ipl.c

Regards,
Steve

-- 

"They that give up essential liberty to obtain temporary safety, 
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty 
decreases."  (Thomas Jefferson)