git: ipfw/ipfw3 - Add pre-load sysctl to default filter to accept
Matthew Dillon
dillon at crater.dragonflybsd.org
Thu Mar 12 18:12:52 PDT 2015
commit d0930e0d9824a3339c8c404418cb223e6f3e339b
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Thu Mar 12 18:08:56 2015 -0700
ipfw/ipfw3 - Add pre-load sysctl to default filter to accept
* Add sysctl and tunable 'net.filters_default_to_accept', which defaults
to off. If this variable is set to non-zero prior to loading the ipfw
or ipfw3 modules, IPFW will default to allowing all packets through instead
of denying all packets.
* It is necessary to use this feature for netbooted systems with NFS roots
as the system will not be able to load the rules table after kldloading
the related module(s) otherwise.
Summary of changes:
sys/net/ipfw/ip_fw2.c | 5 ++++-
sys/net/ipfw3/ip_fw3.c | 5 ++++-
sys/net/pfil.c | 7 +++++++
sys/net/pfil.h | 2 ++
4 files changed, 17 insertions(+), 2 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d0930e0d9824a3339c8c404418cb223e6f3e339b
--
DragonFly BSD source repository
More information about the Commits
mailing list