Date: Thu, 10 Jun 2004 19:11:32 -0400 From: Chuck Swiger <cswiger@mac.com> To: Ruslan Ermilov <ru@FreeBSD.org> Cc: stable@FreeBSD.org Subject: Re: ipfw(8) lookup tables now available for RELENG_4 Message-ID: <40C8EAA4.9000903@mac.com> In-Reply-To: <20040610211327.GA3040@ip.net.ua> References: <20040610211327.GA3040@ip.net.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Ruslan Ermilov wrote: > For those of you interested, here you can find a patch that > adds the IPFW2 lookup tables feature to RELENG_4: > > http://people.FreeBSD.org/~ru/patches/ipfw_tables.patch > > I plan to commit it next Friday. Feedback is appreciated. Was the patch not made relative to /usr/src? The diff applied cleanly, but I had to invoke 'patch -p0' for it to find the files. Anyway, I just finished rebuilding kernel and world, so the changes compile fine, and it looks like my machine rebooted cleanly. Seems to work okay with a trivial IPFW2 ruleset, I haven't tried anything more complicated: 00100 78 25096 allow ip from any to any via lo0 00200 0 0 deny ip from any to 127.0.0.0/8 00300 0 0 deny ip from 127.0.0.0/8 to any 65000 513 53267 allow ip from any to any --- Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 4.10-STABLE #2: Thu Jun 10 18:41:59 EDT 2004 root@sec.pkix.net:/usr/obj/usr/src/sys/NORMAL Timecounter "i8254" frequency 1193182 Hz CPU: Intel(R) Celeron(TM) CPU 1400MHz (933.37-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x6b4 Stepping = 4 Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PA real memory = 201326592 (196608K bytes) avail memory = 191160320 (186680K bytes) Preloaded elf kernel "kernel" at 0xc0480000. VESA: v3.0, 4096k memory, flags:0x1, mode table:0xc03f9642 (1000022) VESA: STB Velocity 128 (RIVA 128) Pentium Pro MTRR support enabled md0: Malloc disk Using $PIR table, 8 entries at 0xc00fdf40 apm0: <APM BIOS> on motherboard apm0: found APM BIOS v1.2, connected at v1.2 npx0: <math processor> on motherboard npx0: INT 16 interface pcib0: <Intel 82443LX (440 LX) host to PCI bridge> on motherboard pci0: <PCI bus> on pcib0 [ ... ] DUMMYNET initialized (011031) BRIDGE 020214 loaded ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to accept, logging limited to 100 packets/entry by default IPsec: Initialized Security Association Processing. ad0: 8223MB <ST38410A> [16708/16/63] at ata0-master UDMA33 Mounting root from ufs:/dev/ad0s2a Thanks for the work to MFC this... -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40C8EAA4.9000903>