any reason not to enable IPDIVERT for ipfw module?

John-Mark Gurney jmg at funkthat.com
Fri Oct 31 19:12:19 UTC 2014


Can anyone think of a good reason not to enable IPDIVERT sockets in
the ipfw module?

And possibly enabling default to accept? That way you don't have to
go to the console when you load the ipfw module because you forgot to
auto add the accept all rule? :)

something like:
==== //depot/projects/opencrypto/sys/modules/ipfw/Makefile#3 - /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile ====
--- /tmp/tmp.15774.16   2014-10-31 12:11:56.000000000 -0700
+++ /home/jmg/freebsd.p4/opencrypto/sys/modules/ipfw/Makefile   2014-10-31 12:11:54.000000000 -0700
@@ -16,7 +16,10 @@
 #CFLAGS+= -DIPFIREWALL_VERBOSE_LIMIT=100
 #
 #If you want it to pass all packets by default
-#CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT
+#
+#If you want divert sockets
+CFLAGS+= -DIPDIVERT
 #
 
 .include <bsd.kmod.mk>
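
Review bot: uncommenting "CFLAGS+= -DIPFIREWALL_DEFAULT_TO_ACCEPT" makes every build of this module pass all packets by default, so a loaded ipfw with no rules fails open instead of closed; that is a security-relevant default change and should not ride along with the IPDIVERT addition. Suggest splitting it into its own change with its own justification, or leaving that line commented out here and keeping only the "CFLAGS+= -DIPDIVERT" addition. Also, both "#If you want ..." comments still read as opt-in instructions while the lines under them are now always active; reword them to say these options are enabled by default and how to turn them off.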

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

