Date: Mon, 5 Aug 2002 10:12:13 -0600
From: "Aaron D. Gifford" <agifford@infowest.com>
To: ipfw@freebsd.org
Subject: keep-state lifetime patches - now for IPFW2
Message-ID: <200208051012.13680.agifford@infowest.com>

Hello,

Just a little note to let anyone interested know I've got the keep-state "lifetime <seconds>" patch set ported to IPFW2 for FreeBSD 4.6-STABLE.

With IPFW2, a major reason to use the patch set is greatly diminished by Luigi Rizzo's excellent automatic TCP keepalive feature. The patches remain useful for tighter control over non-TCP traffic, or for cases where one still wants finer grained dynamic rule expiration control, even with keepalives.

The patch set for IPFW2 is definitely experimental, as is IPFW2 in 4.6-STABLE. Read Luigi's post for information about IPFW2 and how to use it in 4.6-STABLE. I'm using it for my home computer network (with my patches applied) and really appreciate Luigi's work.

The patch set can be had at:

http://www.aarongifford.com/computers/ipfwpatch.html

Thanks, Luigi Rizzo, for your excellent IPFW2 addition to FreeBSD, and for bringing it to -STABLE!

An IPFW2 gotcha: For anyone using IPFW2 with a complex ruleset like me, you will need to be aware that IPFW2's dynamic TCP rule keepalive packets originate from the loopback "lo0" interface, so make sure your ruleset allows these packets to pass. Most rule sets probably won't have to worry about this at all. If you get

Aaron out.