From: subbsd
To: freebsd-ipfw@freebsd.org
Date: Thu, 18 Jun 2009 17:39:06 +0400
Subject: about net.inet.ip.fw.default_to_accept sysctl OID in generic-kernel builds

Hello, mailing list.

In my custom kernel with IPFIREWALL_DEFAULT_TO_ACCEPT, this OID (net.inet.ip.fw.default_to_accept) is present in the system and I can control it in loader.conf. I see the OID when sysctl(8) executes and when I look in the kernel binary or ipfw.ko:

    % strings /boot/kernel/ipfw.ko /boot/kernel/kernel | grep net.inet.ip.fw.default_to_accept
    net.inet.ip.fw.default_to_accept
    net.inet.ip.fw.default_to_accept

(it is present in ipfw.ko and the kernel)

But ipfw.ko from the GENERIC kernel does not produce this OID, so booting a machine on a GENERIC kernel with FIREWALL and "65535 pass ip from any to any" is not possible.

In /usr/src/sys/netinet/ipfw/ip_fw2.c I see:

    #ifdef SYSCTL_NODE
    ...
    SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
        &default_to_accept, 0, "Make the default rule accept all packets.");
    TUNABLE_INT("net.inet.ip.fw.default_to_accept", &default_to_accept);
    #endif /* SYSCTL_NODE */

What is SYSCTL_NODE, and why is net.inet.ip.fw.default_to_accept not produced in ipfw.ko without IPFIREWALL_DEFAULT_TO_ACCEPT?

Thanks.
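
Added example, not part of the original message and not FreeBSD project code: a small sh check that compares the loader.conf tunable discussed above with the action of the default rule 65535, to catch the case where the tunable is set but the loaded module did not honour it. The function names and sample inputs are constructed for illustration, and the `ipfw list` line format (rule number, then action) is an assumption of the parser.

```shell
#!/bin/sh
# Constructed sample inputs (not taken from a real host).
LOADER_CONF='# /boot/loader.conf
ipfw_load="YES"
net.inet.ip.fw.default_to_accept="1"'
IPFW_LIST_DENY='00100 allow ip from any to any via lo0
65535 deny ip from any to any'
IPFW_LIST_ALLOW='00100 allow ip from any to any via lo0
65535 allow ip from any to any'

# Print the tunable value (0 or 1) found in loader.conf text, or "unset".
# Commented-out lines are ignored; the last assignment wins.
tunable_value() {
    v=$(printf '%s\n' "$1" | sed -n \
        's/^[[:space:]]*net\.inet\.ip\.fw\.default_to_accept="\{0,1\}\([01]\)"\{0,1\}[[:space:]]*$/\1/p' \
        | tail -n 1)
    echo "${v:-unset}"
}

# Print the action of rule 65535 from `ipfw list` text: allow, deny or unknown.
default_action() {
    a=$(printf '%s\n' "$1" | awk '$1 == "65535" { print $2; exit }')
    case "$a" in
        allow|accept|pass|permit) echo allow ;;
        deny|drop) echo deny ;;
        *) echo unknown ;;
    esac
}

# Compare what was requested at boot with what the firewall actually does.
audit() {
    t=$(tunable_value "$1")
    a=$(default_action "$2")
    case "$t:$a" in
        *:unknown) echo no-default-rule ;;       # rule 65535 not in the listing
        1:allow)   echo consistent-accept ;;     # tunable set and honoured
        1:deny)    echo mismatch ;;              # tunable set but ignored
        *:deny)    echo consistent-deny ;;       # default deny, nothing requested
        *:allow)   echo accept-without-tunable ;; # open default not set by loader.conf
    esac
}

audit "$LOADER_CONF" "$IPFW_LIST_DENY"   # the situation described in the message
```

On a live host the two arguments would be `"$(cat /boot/loader.conf)"` and `"$(ipfw list)"`.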