Date: Wed, 22 Sep 1999 16:53:02 -0400 (EDT)
From: emoc the phearless <emoc@scr3am.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: conf/13907: rc, dummynet.4 changes
Message-ID: <Pine.LNX.4.10.9909221649560.8279-100000@ego.scr3am.com>
>Number: 13907 >Category: conf >Synopsis: dummynet.4 correction, rc addition of >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Sep 22 13:40:00 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Matthew George >Release: FreeBSD 3.3-STABLE i386 >Organization: <Organization of PR author (multiple lines)> >Environment: >Description: dummynet.4 has the incorrect sysctl listed to disable one_pass rc.firewall and defaults/rc.conf are modified to enable disabling one_pass by setting net.inet.ip.fw.one_pass to 0 one_pass is used with dummynet in order to define whether packets are accepted once they match a pipe (this is the default behavior). If one_pass is set to 0, the packet is reinjected into the rules immediately following the pipe that it matched and will be tested against the remainder of the ruleset. >How-To-Repeat: >Fix: *** man4/dummynet.4.orig Tue Sep 21 19:57:15 1999 --- man4/dummynet.4 Tue Sep 21 19:57:47 1999 *************** *** 89,95 **** are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable ! sys.net.inet.ipfw.one_pass Packets coming from a pipe can be either forwarded to their destination, or passed again through the .Nm ipfw --- 89,95 ---- are reinjected into the protocol stack at the same point they came from (i.e. ip_input(), ip_output(), bdg_forward() ). Depending on the setting of the sysctl variable ! 
net.inet.ip.fw.one_pass Packets coming from a pipe can be either forwarded to their destination, or passed again through the .Nm ipfw *** defaults/rc.conf.orig Tue Sep 21 19:38:59 1999 --- defaults/rc.conf Tue Sep 21 19:41:05 1999 *************** *** 35,40 **** --- 35,41 ---- firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display + firewall_one_pass="YES" # Set to NO to continue testing packets after matching a pipe (see dummynet(4)) natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface or IPaddress to use. *** rc.firewall.orig Tue Sep 21 19:44:21 1999 --- rc.firewall Tue Sep 21 19:50:26 1999 *************** *** 49,54 **** --- 49,60 ---- fi ############ + # Unset one_pass if requested + if [ "x$firewall_one_pass" = "xNO" ]; then + /sbin/sysctl -w net.inet.ip.fw.one_pass=0 + fi + + ############ # Set quiet mode if requested if [ "x$firewall_quiet" = "xYES" ]; then fwcmd="/sbin/ipfw -q" >Release-Note: >Audit-Trail: >Unformatted: net.inet.ip.fw.one_pass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
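Review bot: In the man4/dummynet.4 hunk, the replacement line on the new side appears split: the "!" change marker stands alone and net.inet.ip.fw.one_pass follows on the next line with no marker, and the same name also shows up under >Unformatted:. A context diff line broken this way is unlikely to apply cleanly with patch(1), so the diff should be regenerated and resent with the marker and the sysctl name on one line.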
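Review bot: The comment on the added firewall_one_pass line in defaults/rc.conf is much longer than the comments on the neighbouring firewall_* entries and will wrap in most editors. A shorter form such as "# Set to NO to re-test packets after a pipe match" would match the surrounding entries, and it should say that YES leaves the kernel value untouched, since the rc.firewall hunk only acts on NO.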
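Review bot: The added test in rc.firewall only handles firewall_one_pass="NO", so changing the variable back to YES and re-running the script leaves net.inet.ip.fw.one_pass at 0. Add a branch that writes net.inet.ip.fw.one_pass=1 when the variable is YES, so that rc.conf decides the setting in both directions and the ruleset is not evaluated with a stale value.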