From owner-svn-src-all@FreeBSD.ORG Thu Oct 25 15:55:02 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A272D550 for ; Thu, 25 Oct 2012 15:55:02 +0000 (UTC) (envelope-from andre@freebsd.org) Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 06FD78FC1B for ; Thu, 25 Oct 2012 15:55:01 +0000 (UTC) Received: (qmail 41962 invoked from network); 25 Oct 2012 17:32:33 -0000 Received: from c00l3r.networx.ch (HELO [127.0.0.1]) ([62.48.2.2]) (envelope-sender ) by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP for ; 25 Oct 2012 17:32:33 -0000 Message-ID: <508960C2.6030003@freebsd.org> Date: Thu, 25 Oct 2012 17:54:42 +0200 From: Andre Oppermann User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20121010 Thunderbird/16.0.1 MIME-Version: 1.0 To: "Andrey V. Elsukov" Subject: Re: svn commit: r242079 - in head: sbin/ipfw share/man/man4 sys/conf sys/net sys/netinet sys/netinet6 sys/netpfil/ipfw References: <201210250939.q9P9dF0q022970@svn.freebsd.org> In-Reply-To: <201210250939.q9P9dF0q022970@svn.freebsd.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Oct 2012 15:55:02 -0000 On 25.10.2012 11:39, Andrey V. Elsukov wrote: > Author: ae > Date: Thu Oct 25 09:39:14 2012 > New Revision: 242079 > URL: http://svn.freebsd.org/changeset/base/242079 > > Log: > Remove the IPFIREWALL_FORWARD kernel option and make possible to turn > on the related functionality in the runtime via the sysctl variable > net.pfil.forward. It is turned off by default. > > Sponsored by: Yandex LLC > Discussed with: net@ > MFC after: 2 weeks I still don't agree with naming the sysctl net.pfil.forward. This type of forwarding is a property of IPv4 and IPv6 and thus should be put there. Pfil hooking can be on layer 2, 2-bridging, 3 and who knows where else in the future. Forwarding works only for IPv46. You haven't even replied to my comment on net@. Please change the sysctl location and name to its appropriate place. Also an MFC's after 2 weeks must ensure that compiling with IPFIREWALL_ FORWARD enabled the sysctl at the same time to keep kernel configs within 9-stable working. -- Andre