From owner-freebsd-commit Fri Feb 23 07:38:14 1996
Return-Path: owner-commit
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA15794 for freebsd-commit-outgoing; Fri, 23 Feb 1996 07:38:14 -0800 (PST)
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id HAA15776 for cvs-all-outgoing; Fri, 23 Feb 1996 07:38:03 -0800 (PST)
Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA15726 Fri, 23 Feb 1996 07:37:38 -0800 (PST)
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id IAA21468; Fri, 23 Feb 1996 08:40:24 -0700
Date: Fri, 23 Feb 1996 08:40:24 -0700
From: Nate Williams
Message-Id: <199602231540.IAA21468@rocky.sri.MT.net>
To: Poul-Henning Kamp
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-sys@freefall.freebsd.org
Subject: Re: cvs commit: src/sys/conf files src/sys/netinet ip_fw.c ip_fw.h ip_input.c ip_output.c raw_ip.c ip_fwdef.c src/sys/i386/conf LINT
In-Reply-To: <199602231526.HAA14847@freefall.freebsd.org>
References: <199602231526.HAA14847@freefall.freebsd.org>
Sender: owner-commit@FreeBSD.ORG
Precedence: bulk

Poul-Henning Kamp writes:
> phk 96/02/23 07:26:15
> Log:
> Big sweep over the IPFIREWALL and IPACCT code.
>
> Close the ip-fragment hole.
> Waste less memory.
> Rewrite to contemporary more readable style.
> Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
> Filter incoming >and< outgoing packets.

I thought it was filtering both? It seems to be filtering both on my end, or is it only filtering the reply? Does this mean that UDP traffic has been 'leaking' out on me?

> Replace "policy" by sticky "deny all" rule.
> Rules have numbers used for ordering and deletion.

Can you describe this one more fully? How does this affect ordering? Is it a priority based scheme, which allows a person to 'reorder' the rules by hand? (I hope so since I whined at Ugen about it a long time ago).

Nate