CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Luigi Rizzo <luigi@FreeBSD.org>
	Fri, 16 Aug 2002 10:31:47 +0000 (10:31 +0000)
committer	Luigi Rizzo <luigi@FreeBSD.org>
	Fri, 16 Aug 2002 10:31:47 +0000 (10:31 +0000)
commit	99e5e6450432b70cd817fb4f9b957f5bcdbcb5f3
tree	c018d30b6e13ffd478e5f8dbd8ccb56514608032	tree \| snapshot
parent	ffd711039fe621c4cdf64203c2d8e73fc6e35cc9	commit \| diff

sys/netinet/ip_fw2.c:

    Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.

sbin/ipfw/ipfw.8		diff \| blob \| history
sbin/ipfw/ipfw2.c		diff \| blob \| history
sys/netinet/ip_fw2.c		diff \| blob \| history