Message-ID: <40C8EAA4.9000903@mac.com>
Date: Thu, 10 Jun 2004 19:11:32 -0400
From: Chuck Swiger
To: Ruslan Ermilov
Cc: stable@FreeBSD.org
In-Reply-To: <20040610211327.GA3040@ip.net.ua>
Subject: Re: ipfw(8) lookup tables now available for RELENG_4

Ruslan Ermilov wrote:
> For those of you interested, here you can find a patch that
> adds the IPFW2 lookup tables feature to RELENG_4:
>
> http://people.FreeBSD.org/~ru/patches/ipfw_tables.patch
>
> I plan to commit it next Friday. Feedback is appreciated.

Was the patch not made relative to /usr/src? The diff applied cleanly, but I had to invoke 'patch -p0' for it to find the files.

Anyway, I just finished rebuilding kernel and world, so the changes compile fine, and it looks like my machine rebooted cleanly. Seems to work okay with a trivial IPFW2 ruleset, I haven't tried anything more complicated:

00100  78 25096 allow ip from any to any via lo0
00200   0     0 deny ip from any to 127.0.0.0/8
00300   0     0 deny ip from 127.0.0.0/8 to any
65000 513 53267 allow ip from any to any

---

Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.10-STABLE #2: Thu Jun 10 18:41:59 EDT 2004
root@sec.pkix.net:/usr/obj/usr/src/sys/NORMAL
Timecounter "i8254" frequency 1193182 Hz
CPU: Intel(R) Celeron(TM) CPU 1400MHz (933.37-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x6b4 Stepping = 4
Features=0x383f9ff on motherboard
apm0: found APM BIOS v1.2, connected at v1.2
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
[ ... ]
DUMMYNET initialized (011031)
BRIDGE 020214 loaded
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default
IPsec: Initialized Security Association Processing.
ad0: 8223MB [16708/16/63] at ata0-master UDMA33
Mounting root from ufs:/dev/ad0s2a

Thanks for the work to MFC this...

-- 
-Chuck