git: ipfw/ipfw3 - Add pre-load sysctl to default filter to accept

Matthew Dillon Thu, 12 Mar 2015 18:17:11 -0700

commit d0930e0d9824a3339c8c404418cb223e6f3e339b
Author: Matthew Dillon <[email protected]>
Date:   Thu Mar 12 18:08:56 2015 -0700


    ipfw/ipfw3 - Add pre-load sysctl to default filter to accept
    
    * Add sysctl and tunable 'net.filters_default_to_accept', which defaults
      to off.  If this variable is set to non-zero prior to loading the ipfw
      or ipfw3 modules, IPFW will default to allowing all packets through 
instead
      of denying all packets.
    
    * It is necessary to use this feature for netbooted systems with NFS roots
      as the system will not be able to load the rules table after kldloading
      the related module(s) otherwise.

Summary of changes:
 sys/net/ipfw/ip_fw2.c  | 5 ++++-
 sys/net/ipfw3/ip_fw3.c | 5 ++++-
 sys/net/pfil.c         | 7 +++++++
 sys/net/pfil.h         | 2 ++
 4 files changed, 17 insertions(+), 2 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/d0930e0d9824a3339c8c404418cb223e6f3e339b


-- 
DragonFly BSD source repository

git: ipfw/ipfw3 - Add pre-load sysctl to default filter to accept

Reply via email to