Date:      Mon, 18 May 2009 20:23:16 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org
Subject:   svn commit: r192336 - in stable/7/sys: . contrib/pf dev/ath/ath_hal dev/cxgb netinet
Message-ID:  <200905182023.n4IKNGZ2073804@svn.freebsd.org>

Author: jhb
Date: Mon May 18 20:23:16 2009
New Revision: 192336
URL: http://svn.freebsd.org/changeset/base/192336

Log:
  MFC: Convert IPFIREWALL_DEFAULT_TO_ACCEPT into a loader tunable.

Modified:
  stable/7/sys/   (props changed)
  stable/7/sys/contrib/pf/   (props changed)
  stable/7/sys/dev/ath/ath_hal/   (props changed)
  stable/7/sys/dev/cxgb/   (props changed)
  stable/7/sys/netinet/ip_fw2.c

Modified: stable/7/sys/netinet/ip_fw2.c
==============================================================================
--- stable/7/sys/netinet/ip_fw2.c	Mon May 18 19:56:06 2009	(r192335)
+++ stable/7/sys/netinet/ip_fw2.c	Mon May 18 20:23:16 2009	(r192336)
@@ -111,6 +111,11 @@ static int fw_verbose;
 static struct callout ipfw_timeout;
 static int verbose_limit;
 
+#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
+static int default_to_accept = 1;
+#else
+static int default_to_accept;
+#endif
 static uma_zone_t ipfw_dyn_rule_zone;
 
 /*
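Review bot: The new `default_to_accept` declaration carries no comment, and since a non-zero value turns the firewall's final rule from drop into pass, a reader should be told what the knob means and where its value comes from. I would add above the `#ifdef` at the top of the hunk: `/* Policy of the default (last) rule: non-zero passes packets that matched no rule instead of dropping them. Compile-time default from IPFIREWALL_DEFAULT_TO_ACCEPT, overridable at boot via the net.inet.ip.fw.default_to_accept loader tunable. */`. The kernel option is now only a seed for this variable, so the comment is what links the two for the next maintainer.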
@@ -170,6 +175,9 @@ SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, d
     NULL, IPFW_DEFAULT_RULE, "The default/max possible rule number.");
 SYSCTL_UINT(_net_inet_ip_fw, OID_AUTO, tables_max, CTLFLAG_RD,
     NULL, IPFW_TABLES_MAX, "The maximum number of tables.");
+SYSCTL_INT(_net_inet_ip_fw, OID_AUTO, default_to_accept, CTLFLAG_RDTUN,
+    &default_to_accept, 0, "Make the default rule accept all packets.");
+TUNABLE_INT("net.inet.ip.fw.default_to_accept", &default_to_accept);
 #endif /* SYSCTL_NODE */
 
 /*
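Review bot: The `TUNABLE_INT` registration sits inside the block closed by `#endif /* SYSCTL_NODE */`, so in a kernel where SYSCTL_NODE is not defined the loader tunable would silently not be registered and `default_to_accept` would keep only its compile-time value; `TUNABLE_INT` does not need sysctl support, so placing it just after the `#endif` keeps the knob working in both configurations (assuming such a build is possible here — I cannot see the surrounding `#ifdef`). The description string also does not tell an administrator that the value is boot-only: with `CTLFLAG_RDTUN` a `sysctl -w` is refused, so `"Make the default rule accept all packets (loader tunable, read-only at runtime)."` would avoid confusion. The Modified list shows only ip_fw2.c, so this new fail-open knob has no man-page or loader.conf(5) documentation yet; ipfw(4) should describe it.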
@@ -4514,11 +4522,7 @@ ipfw_init(void)
 	default_rule.set = RESVD_SET;
 
 	default_rule.cmd[0].len = 1;
-	default_rule.cmd[0].opcode =
-#ifdef IPFIREWALL_DEFAULT_TO_ACCEPT
-				1 ? O_ACCEPT :
-#endif
-				O_DENY;
+	default_rule.cmd[0].opcode = default_to_accept ? O_ACCEPT : O_DENY;
 
 	error = add_rule(&layer3_chain, &default_rule);
 	if (error != 0) {
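Review bot: `default_to_accept` is sampled once here when the default rule is built, which is consistent with the knob being read-only after boot, but nothing in ipfw_init says so; a comment above the assignment, `/* Boot-time policy: the default rule's action is fixed here for the life of the chain. */`, would stop a later change from expecting a runtime write to take effect. If the initialization banner further down still reports "default to accept/deny" from a compile-time `#ifdef` rather than from this variable, it should be switched too — it is outside the hunk, so I cannot confirm. ipfw_init begins before and continues after this hunk.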


