Date:      Fri, 31 Oct 2014 12:12:12 -0700
From:      John-Mark Gurney <jmg@funkthat.com>
To:        freebsd-net@FreeBSD.org, freebsd-arch@FreeBSD.org
Subject:   any reason not to enable IPDIVERT for ipfw module?
Message-ID:  <20141031191212.GO8852@funkthat.com>

Can anyone think of a good reason not to enable IPDIVERT sockets in
the ipfw module?

And possibly enabling default to accept? That way you don't have to
go to the console when you load the ipfw module because you forgot to
auto add the accept all rule? :)

Something like:
==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 - /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ====
--- /tmp/tmp.15774.16   2014-10-31 12:11:56.000000000 -0700
+++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile   2014-10-31 12:11:54.000000000 -0700
@@ -16,7 +16,10 @@
 #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
 #
 #If you want it to pass all packets by default
-#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+#
+#If you want divert sockets
+CFLAGS+= -DIPDIVERT
 #
 
 .include <bsd.kmod.mk>
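
Review bot: The uncommented `CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT` line turns pass-all into the built-in default for every build of this module, so a host that loads it with no ruleset accepts all packets instead of failing closed. That is a security-relevant default change and should not ride along with the unrelated `CFLAGS+= -DIPDIVERT` addition; split it into its own change, or leave the line commented out, so the two can be discussed and reverted separately. The comments "#If you want it to pass all packets by default" and "#If you want divert sockets" also still read as opt-in instructions although the lines beneath them are now unconditional; reword them to state what the module is built with.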

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."


