Date: Thu, 18 Jun 2009 17:39:06 +0400
From: subbsd <subbsd@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: about net.inet.ip.fw.default_to_accept sysctl OID in generic-kernel builds
Message-ID: <200906181739.07185.subbsd@gmail.com>

Hello maillist,

In my custom kernel with IPFIREWALL_DEFAULT_TO_ACCEPT, this OID
(net.inet.ip.fw.default_to_accept) is present in the system and I can
control it in loader.conf. I see the OID when sysctl(8) executes and when
I look in the binary kernel or ipfw.ko:

    % strings /boot/kernel/ipfw.ko /boot/kernel/kernel | grep net.inet.ip.fw.default_to_accept
    net.inet.ip.fw.default_to_accept
    net.inet.ip.fw.default_to_accept

(it is present in ipfw.ko and the kernel)

But ipfw.ko from the GENERIC kernel does not produce this OID, so booting
a machine on the GENERIC kernel with FIREWALL and "65535 pass ip from any
to any" is not possible.

In /usr/src/sys/netinet/ipfw/ip_fw2.c I see:

    #ifdef SYSCTL_NODE
    ...
    SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
        &default_to_accept, 0, "Make the default rule accept all packets.");
    TUNABLE_INT("net.inet.ip.fw.default_to_accept", &default_to_accept);
    #endif /* SYSCTL_NODE */

What is SYSCTL_NODE, and why is net.inet.ip.fw.default_to_accept not
produced in ipfw.ko without IPFIREWALL_DEFAULT_TO_ACCEPT?

Thanks.