Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 26 May 2018 20:43:40 +0800
From:      =?Big5?Q?=C2=C5=AE=BC=DE=B3?= <lantw44@gmail.com>
To:        "Rodney W. Grimes" <freebsd-rwg@pdx.rh.CN85.dnsmgr.net>
Cc:        ae@freebsd.org, freebsd-ipfw@freebsd.org
Subject:   Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2
Message-ID:  <4bfc2e4e553e6b8620122cdd7562c6ebd810beba.camel@gmail.com>
In-Reply-To: <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com>
References:  <201805241518.w4OFIm64041005@pdx.rh.CN85.dnsmgr.net> <001c64d4ba91726229d1139fd1331f09e80d0c68.camel@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
於 星期五,2018-05-25 於 21:42 +0800,藍挺瑋 提到:
> 於 星期四,2018-05-24 於 08:18 -0700,Rodney W. Grimes 提到:
> > > Hello,
> > > 
> > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I
> > > found
> > > the
> > > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again
> > > to
> > > FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely
> > > on
> > > both 'net.inet.ip.fw.default_to_accept=1' and
> > > 'net.inet.ip.fw.dyn_keep_states=1'
> > > to be able to reload firewall rules with 'service ipfw restart' without
> > > breaking
> > > existing TCP connections. As this sysctl variable is still mentioned in
> > > ipfw(8)
> > > man page, will it be brought back in future versions, or there will be an
> > > alternative solution for firewall rules reload?
> > 
> > As a follow up to this discusion, there has been a merge of code
> > into the stable/11 branch that should be in the 11.2-BETA3 build
> > that corrects this missing sysctl,
> 
> It is nice to know this!
> 
> > could you please test this
> > build when it comes out and provide feed back to how it works
> > for you.
> 
> Yes, I will test it. I already tested it on 11.2-BETA2 by manually applying
> patches from r333986 and 334039, and it worked fine for me.

I just upgraded my desktop to FreeBSD 11.2-BETA3. net.inet.ip.fw.dyn_keep_states
is available and works for me.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4bfc2e4e553e6b8620122cdd7562c6ebd810beba.camel>