From owner-freebsd-net@FreeBSD.ORG Fri Jun 20 11:18:24 2003 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F34337B401 for ; Fri, 20 Jun 2003 11:18:24 -0700 (PDT) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id 79AF143FB1 for ; Fri, 20 Jun 2003 11:18:23 -0700 (PDT) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2653.19) id ; Fri, 20 Jun 2003 14:18:20 -0400 Message-ID: From: Don Bowman To: 'Luigi Rizzo' , Don Bowman Date: Fri, 20 Jun 2003 14:18:17 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" cc: "'freebsd-net@freebsd.org'" Subject: RE: nested ipfw dummynet pipes X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2003 18:18:24 -0000 From: Luigi Rizzo [mailto:rizzo@icir.org] > > On Fri, Jun 20, 2003 at 01:41:21PM -0400, Don Bowman wrote: > > is there any way, in a bridging config, to have nested pipes? > > net.inet.ip.fw.one_pass=0 should do the job, i think the comment > in the manpage is now incorrect and the code (in net/bridge.c) > has been fixed (one-line) to implement this. > > Check the commit logs, i don't have them handy at the moment. Thanks very much, I will check this. I assume this will be true for IPFW2 rather than IPFW. It appears that 1.16.2.23, nov 21 2002, RELENG_4 has this from the log: "MFC: obey to fw_one_pass in bridge and layer 2 firewalling (the latter only affects ipfw2 users). Move fw_one_pass from ip_fw[2].c to ip_input.c to avoid depending on IPFIREWALL." I will try this out.