Date: Wed, 14 Oct 2009 12:24:12 +0000 (UTC) From: "Bjoern A. Zeeb" <bz@FreeBSD.org> To: Julian Elischer <julian@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r197952 - in head/sys: net netgraph netinet netinet/ipfw netinet6 Message-ID: <20091014115713.N5956@maildrop.int.zabbadoz.net> In-Reply-To: <200910110559.n9B5xhNg002528@svn.freebsd.org> References: <200910110559.n9B5xhNg002528@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 11 Oct 2009, Julian Elischer wrote: > Author: julian > Date: Sun Oct 11 05:59:43 2009 > New Revision: 197952 > URL: http://svn.freebsd.org/changeset/base/197952 > > Log: > Virtualize the pfil hooks so that different jails may chose different > packet filters. ALso allows ipfw to be enabled on on ejail and disabled > on another. In 8.0 it's a global setting. > > Sitting aroung in tree waiting to commit for: 2 months Unfortunately this broke VIMAGE with IPSEC builds, which I just fixed. I am not yet convinced this was the right approach but probably the most straight forward one. /bz > MFC after: 2 months > > Modified: > head/sys/net/if_bridge.c > head/sys/net/if_ethersubr.c > head/sys/net/pfil.c > head/sys/netgraph/ng_bridge.c > head/sys/netinet/ip_fastfwd.c > head/sys/netinet/ip_input.c > head/sys/netinet/ip_output.c > head/sys/netinet/ip_var.h > head/sys/netinet/ipfw/ip_fw2.c > head/sys/netinet/ipfw/ip_fw_pfil.c > head/sys/netinet/raw_ip.c > head/sys/netinet6/ip6_forward.c > head/sys/netinet6/ip6_input.c > head/sys/netinet6/ip6_output.c > head/sys/netinet6/ip6_var.h -- Bjoern A. Zeeb It will not break if you know what you are doing.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091014115713.N5956>