Date: Fri, 18 Nov 2005 23:57:48 -0800 From: Julian Elischer <julian@elischer.org> To: Ruslan Ermilov <ru@freebsd.org> Cc: cvs-src@freebsd.org, src-committers@freebsd.org, Hajimu UMEMOTO <ume@freebsd.org>, cvs-all@freebsd.org Subject: Re: cvs commit: src/etc rc.firewall Message-ID: <437EDAFC.2070008@elischer.org> In-Reply-To: <20051119073238.GD20188@ip.net.ua> References: <200511190607.jAJ6700C075492@repoman.freebsd.org> <437EC789.1090709@elischer.org> <20051119073238.GD20188@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov wrote: >On Fri, Nov 18, 2005 at 10:34:49PM -0800, Julian Elischer wrote: > > >>Hajimu UMEMOTO wrote: >> >> >> >>>ume 2005-11-19 06:06:59 UTC >>> >>>FreeBSD src repository >>> >>>Modified files: (Branch: RELENG_6) >>> etc rc.firewall >>>Log: >>>MFC 1.48: don't match packets other than IPv4 against divert rule. >>>divert supports only IPv4. >>> >>>Revision Changes Path >>>1.47.10.1 +1 -1 src/etc/rc.firewall >>> >>> >>> >>> >>huh? >>divert of an ipv6 packet still makes sense! >> >> >> >But not with the natd(8) as a listener. > > well then natd should be defensive about it and you should not divert ipv6 packets there.. I currently divert all sorts of stuff and would be rather annoyed of divert didn't divert a packet I had singled out for diversion. I also have patches that allow me to divert from a bridge and from the link layer. > >Cheers, > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?437EDAFC.2070008>