Date: Thu, 10 Mar 2016 12:34:37 -0800 From: Julian Elischer <julian@freebsd.org> To: Mark Felder <feld@FreeBSD.org>, Ian Smith <smithi@nimnet.asn.au>, Don Lewis <truckman@freebsd.org> Cc: freebsd-ipfw@freebsd.org, fjwcash@gmail.com Subject: Re: ipwf dummynet vs. kernel NAT and firewall rules Message-ID: <56E1DA5D.6060006@freebsd.org> In-Reply-To: <1457638541.445340.545617522.5FF4A6BE@webmail.messagingengine.com> References: <201603092302.u29N2IYm012240@gw.catspoiler.org> <20160310165323.U61428@sola.nimnet.asn.au> <1457638541.445340.545617522.5FF4A6BE@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/03/2016 11:35 AM, Mark Felder wrote: > > On Thu, Mar 10, 2016, at 00:53, Ian Smith wrote: >> On Wed, 9 Mar 2016 15:02:18 -0800, Don Lewis wrote: >> > On 9 Mar, Don Lewis wrote: >> > > On 9 Mar, Don Lewis wrote: >> > >> On 9 Mar, Don Lewis wrote: >> > >>> On 9 Mar, Freddie Cash wrote: >> > >>>> >> > >>>> ?Do you have the sysctl net.inet.ip.fw.one_pass set to 0 or 1? >> > >>> >> > >>> Aha, I've got it set to 1. >> >> I observe that in 99 cases out of 100, the default of 1 is undesired, >> but it's too late to do anything but advise people - thanks Freddie! >> > Is there any reason why we shouldn't just change the default for > 11-RELEASE? yeah people will kill you. firewalls don't get rewritten by mergemaster. > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56E1DA5D.6060006>