Date: Mon, 21 May 2018 22:39:38 +0800
From: Julian Elischer <julian@freebsd.org>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>, 藍挺瑋 <lantw44@gmail.com>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Missing sysctl net.inet.ip.fw.dyn_keep_states on FreeBSD 11.2
Message-ID: <34d30eca-bbb1-e0d0-3b7b-bc211421b665@freebsd.org>
In-Reply-To: <8f9ed115-a4ea-c8a2-795b-ce5e77046123@yandex.ru>
References: <22feed0d6b659746619604cb20e2e091b79ca480.camel@gmail.com> <8f9ed115-a4ea-c8a2-795b-ce5e77046123@yandex.ru>

On 21/5/18 2:45 am, Andrey V. Elsukov wrote:
> On 20.05.2018 11:00, 藍挺瑋 wrote:
>> Hello,
>>
>> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
>> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
>> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
>> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
>> to be able to reload firewall rules with 'service ipfw restart' without breaking
>> existing TCP connections. As this sysctl variable is still mentioned in ipfw(8)
>> man page, will it be brought back in future versions, or will there be an
>> alternative solution for firewall rules reload?
> Hi,
>
> I'll try to implement this feature in this new implementation and will
> report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
> but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
> I'm sorry about that.
>

I think a better idea would be to specify a rule number rather than just 1 or 0.
Or at least be more flexible.
I use a lot of dynamic rules that have actions like 'skipto' or nat