cvs commit: src/sbin/ipfw ipfw.8 src/sys/conf NOTES options
src/sys/netinet ip_input.c ip_output.c
Andre Oppermann
andre at FreeBSD.org
Tue Feb 22 17:40:41 GMT 2005
andre 2005-02-22 17:40:41 UTC
FreeBSD src repository
Modified files:
sbin/ipfw ipfw.8
sys/conf NOTES options
sys/netinet ip_input.c ip_output.c
Log:
Bring back the full packet destination manipulation for 'ipfw fwd'
with the kernel compile time option:
options IPFIREWALL_FORWARD_EXTENDED
This option has to be specified in addition to IPFIRWALL_FORWARD.
With this option even packets targeted for an IP address local
to the host can be redirected. All restrictions to ensure proper
behaviour for locally generated packets are turned off. Firewall
rules have to be carefully crafted to make sure that things like
PMTU discovery do not break.
Document the two kernel options.
PR: kern/71910
PR: kern/73129
MFC after: 1 week
Revision Changes Path
1.167 +14 -1 src/sbin/ipfw/ipfw.8
1.1301 +6 -0 src/sys/conf/NOTES
1.494 +1 -0 src/sys/conf/options
1.297 +12 -0 src/sys/netinet/ip_input.c
1.240 +5 -1 src/sys/netinet/ip_output.c
More information about the cvs-src
mailing list