Date: Thu, 21 May 2015 12:42:27 -0700 From: hiren panchasara <hiren@strugglingcoder.info> To: Jason Wolfe <nitroboost@gmail.com> Cc: Ian Smith <smithi@nimnet.asn.au>, Julian Elischer <julian@freebsd.org>, freebsd-ipfw@freebsd.org Subject: Re: ipfw on just inbound and not outbound Message-ID: <20150521194227.GF95600@strugglingcoder.info> In-Reply-To: <CAAAm0r0uZbbW5mVRVsOE-ooqqTDngM9Z2dMpECihoGR9=Tn=Vg@mail.gmail.com> References: <20150414210901.GA10620@strugglingcoder.info> <552F2F82.1060506@freebsd.org> <20150416164024.B93161@sola.nimnet.asn.au> <CAAAm0r0uZbbW5mVRVsOE-ooqqTDngM9Z2dMpECihoGR9=Tn=Vg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Getting back to this now to see if I can avoid ipfw on outgoing packets.
@@ -500,7 +507,7 @@ ipfw_hook(int onoff, int pf)
hook_func = (pf == AF_LINK) ? ipfw_check_frame : ipfw_check_packet;
(void) (onoff ? pfil_add_hook : pfil_remove_hook)
- (hook_func, NULL, PFIL_IN | PFIL_OUT | PFIL_WAITOK, pfh);
+ (hook_func, NULL, PFIL_IN | PFIL_WAITOK, pfh);
return 0;
}
Should this do the right thing? I'll report back once I test this patch.
cheers,
Hiren
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQF8BAEBCgBmBQJVXjUiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNEUyMEZBMUQ4Nzg4RjNGMTdFNjZGMDI4
QjkyNTBFMTU2M0VERkU1AAoJEIuSUOFWPt/liV0H/0rfdfG5CBvL+G3Z/FXcHo8t
ZmDkNEP39AI/tk2QGvtxiTXojMd+XLgyqr4RmLipw3k12KNp9qniWT60m5zBMLJj
SFU/gJ3VgxHE0H8K/JGVpA1cZ1WnovcyGLpS0GkAvg2lMqISu8y5DdvjjlAB3hQ2
nC/IaTDQrIs9iduE5SJLpWCGRH9eOQwvpO0oyFdyFJrTMtDKms65MWcjpjwWCLaR
8FG09sGiJgC0q9AaaAm1hbYfmtFMlPFcPsiFSW011c7P8wWVtryp2p3XVial5f7b
d0GTHA/ofKurc5Kc+iQnxX4MoTdVxxAMcyEl2n4i0Zh5WVdQ660PUmjVglE9Lb8=
=uFRo
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150521194227.GF95600>