Date: Fri, 23 Feb 1996 08:40:24 -0700
From: Nate Williams <nate@sri.MT.net>
To: Poul-Henning Kamp <phk@freefall.freebsd.org>
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sys@freefall.freebsd.org
Subject: Re: cvs commit: src/sys/conf files src/sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c ip_fwdef.c src/sys/i386/conf LINT
Message-ID: <199602231540.IAA21468@rocky.sri.MT.net>
In-Reply-To: <199602231526.HAA14847@freefall.freebsd.org>
References: <199602231526.HAA14847@freefall.freebsd.org>

Poul-Henning Kamp writes:
> phk 96/02/23 07:26:15
> Log:
> Big sweep over the IPFIREWALL and IPACCT code.
>
> Close the ip-fragment hole.
> Waste less memory.
> Rewrite to contemporary more readable style.
> Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
> Filter incoming >and< outgoing packets.

I thought it was filtering both? It seems to be filtering both on my end, or is it only filtering the reply? Does this mean that UDP traffic has been 'leaking' out on me?

> Replace "policy" by sticky "deny all" rule.
> Rules have numbers used for ordering and deletion.

Can you describe this one more fully? How does this affect ordering? Is it a priority based scheme, which allows a person to 'reorder' the rules by hand? (I hope so since I whined at Ugen about it a long time ago).

Nate