From owner-freebsd-net@FreeBSD.ORG Fri Jun 24 12:29:24 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1F84416A41C for ; Fri, 24 Jun 2005 12:29:24 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.201]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF85F43D1F for ; Fri, 24 Jun 2005 12:29:23 +0000 (GMT) (envelope-from vladgalu@gmail.com) Received: by zproxy.gmail.com with SMTP id 9so403955nzo for ; Fri, 24 Jun 2005 05:29:23 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lFXtzzibemPDD4zc+8bE/6/Or7ksww/h128My5JHNe+cRCRCsl5GGu8212uS1xzVhaqbCcb/kVogJiL8nGvYAA0yNQjVesUYI559xcKiOD/EfcfCNlhlEWU5q0Hs2Agcwk6lpVsQXUsciZuR0Z/NrVmpSEQNF0PvlOqYLDcRX94= Received: by 10.36.108.5 with SMTP id g5mr1997394nzc; Fri, 24 Jun 2005 05:29:23 -0700 (PDT) Received: by 10.36.86.4 with HTTP; Fri, 24 Jun 2005 05:29:23 -0700 (PDT) Message-ID: <79722fad0506240529209b4781@mail.gmail.com> Date: Fri, 24 Jun 2005 15:29:23 +0300 From: Vlad GALU To: freebsd-net@freebsd.org In-Reply-To: <42BBFB25.2080701@borderware.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <42BBFB25.2080701@borderware.com> Subject: Re: ipfilter and ipfw order. X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Vlad GALU List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Jun 2005 12:29:24 -0000 On 6/24/05, ming fu wrote: > Hi, >=20 > In the 4.x kernel, ipfilter was hardcoded before ipfw in the ip_input(). > However, in the 5.x kernel, they register themselve to the pfil hook. As > there isn't a priority number during the hook up, looks like who ever > register first get to filter the packet first. >=20 > In case I want to preserve the 4.x behaviour of ipf before ipfw in the > input path, how do I reliable achieve that. Link ipfilter statically inside the kernel. Load ipfw as a module. >=20 > Regards, > Ming > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >=20 --=20 If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.