Date: Thu, 25 Oct 2012 17:54:42 +0200 From: Andre Oppermann <andre@freebsd.org> To: "Andrey V. Elsukov" <ae@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r242079 - in head: sbin/ipfw share/man/man4 sys/conf sys/net sys/netinet sys/netinet6 sys/netpfil/ipfw Message-ID: <508960C2.6030003@freebsd.org> In-Reply-To: <201210250939.q9P9dF0q022970@svn.freebsd.org> References: <201210250939.q9P9dF0q022970@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25.10.2012 11:39, Andrey V. Elsukov wrote: > Author: ae > Date: Thu Oct 25 09:39:14 2012 > New Revision: 242079 > URL: http://svn.freebsd.org/changeset/base/242079 > > Log: > Remove the IPFIREWALL_FORWARD kernel option and make possible to turn > on the related functionality in the runtime via the sysctl variable > net.pfil.forward. It is turned off by default. > > Sponsored by: Yandex LLC > Discussed with: net@ > MFC after: 2 weeks I still don't agree with naming the sysctl net.pfil.forward. This type of forwarding is a property of IPv4 and IPv6 and thus should be put there. Pfil hooking can be on layer 2, 2-bridging, 3 and who knows where else in the future. Forwarding works only for IPv46. You haven't even replied to my comment on net@. Please change the sysctl location and name to its appropriate place. Also an MFC's after 2 weeks must ensure that compiling with IPFIREWALL_ FORWARD enabled the sysctl at the same time to keep kernel configs within 9-stable working. -- Andre
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?508960C2.6030003>