Date: Wed, 22 Sep 1999 16:53:02 -0400 (EDT)
From: emoc the phearless <emoc@scr3am.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/13907: rc, dummynet.4 changes
Message-ID: <Pine.LNX.4.10.9909221649560.8279-100000@ego.scr3am.com>
>Number: 13907
>Category: conf
>Synopsis: dummynet.4 correction, rc addition of
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Sep 22 13:40:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Matthew George
>Release: FreeBSD 3.3-STABLE i386
>Organization:
<Organization of PR author (multiple lines)>
>Environment:
>Description:
dummynet.4 has the incorrect sysctl listed to disable one_pass
rc.firewall and defaults/rc.conf are modified to enable disabling
one_pass by setting net.inet.ip.fw.one_pass to 0
one_pass is used with dummynet in order to define whether packets
are accepted once they match a pipe (this is the default behavior).
If one_pass is set to 0, the packet is reinjected into the rules
immediately following the pipe that it matched and will be tested
against the remainder of the ruleset.
>How-To-Repeat:
>Fix:
*** man4/dummynet.4.orig Tue Sep 21 19:57:15 1999
--- man4/dummynet.4 Tue Sep 21 19:57:47 1999
***************
*** 89,95 ****
are reinjected into the protocol stack at the same point they came
from (i.e. ip_input(), ip_output(), bdg_forward() ).
Depending on the setting of the sysctl variable
! sys.net.inet.ipfw.one_pass
Packets coming from a pipe can be either forwarded to their
destination, or passed again through the
.Nm ipfw
--- 89,95 ----
are reinjected into the protocol stack at the same point they came
from (i.e. ip_input(), ip_output(), bdg_forward() ).
Depending on the setting of the sysctl variable
! net.inet.ip.fw.one_pass
Packets coming from a pipe can be either forwarded to their
destination, or passed again through the
.Nm ipfw
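Review bot: the corrected name on the changed line (net.inet.ip.fw.one_pass) still sits as bare text between "Depending on the setting of the sysctl variable" and "Packets coming from a pipe", so the sentence runs the name straight into a capitalised "Packets" with no punctuation and no markup. Consider wrapping the name in the mdoc variable macro (.Va net.inet.ip.fw.one_pass ,) and lowercasing "packets". The visible lines also do not say which value selects which behaviour; stating here that 0 sends the packet through the rest of the ruleset again, as the PR description does, would save readers from guessing.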
*** defaults/rc.conf.orig Tue Sep 21 19:38:59 1999
--- defaults/rc.conf Tue Sep 21 19:41:05 1999
***************
*** 35,40 ****
--- 35,41 ----
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
firewall_quiet="NO" # Set to YES to suppress rule display
+ firewall_one_pass="YES" # Set to NO to continue testing packets after matching a pipe (see dummynet(4))
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="NO" # Enable natd (if firewall_enable == YES).
natd_interface="fxp0" # Public interface or IPaddress to use.
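Review bot: the comment on the added firewall_one_pass line does not say that the default YES means a packet matching a pipe is accepted without being tested against later rules, which is the filtering consequence an administrator needs to see at this point. Suggest wording along the lines of "Set to NO to keep testing packets against later rules after a pipe match (see dummynet(4))", kept closer to the length of the neighbouring comments. The patch touches only dummynet.4, defaults/rc.conf and rc.firewall, and the dummynet.4 hunk does not mention the new variable, so it currently has no manual page text describing it.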
*** rc.firewall.orig Tue Sep 21 19:44:21 1999
--- rc.firewall Tue Sep 21 19:50:26 1999
***************
*** 49,54 ****
--- 49,60 ----
fi
############
+ # Unset one_pass if requested
+ if [ "x$firewall_one_pass" = "xNO" ]; then
+ /sbin/sysctl -w net.inet.ip.fw.one_pass=0
+ fi
+
+ ############
# Set quiet mode if requested
if [ "x$firewall_quiet" = "xYES" ]; then
fwcmd="/sbin/ipfw -q"
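Review bot: the added test only acts on "xNO", so firewall_one_pass="YES" never writes the sysctl; if net.inet.ip.fw.one_pass was set to 0 earlier (a previous run of this script, or by hand), switching the variable back to YES and rerunning rc.firewall leaves it at 0. Handle both values, for example with an else branch running /sbin/sysctl -w net.inet.ip.fw.one_pass=1, so the running state always matches rc.conf. The block also sits before the firewall_quiet check just below it, so any output from sysctl is not covered by quiet mode.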
>Release-Note:
>Audit-Trail:
>Unformatted:
net.inet.ip.fw.one_pass
