Matthew Dillon wrote:
> :I have a patch here which makes the IPFIREWALL_DEFAULT_TO_ACCEPT tunable
> :at module load time using a kernel environment variable. Looks to me
> :that it would do what you want.
>
> No, this isn't what I want. I want something that can be articulated
> without having to reboot the whole system.

You don't need to reboot with this patch. As I already said, it's a *module load time* tunable. So if you use ipfw as a module, it will do what you want. If you don't, it's of course useless.

Now I would really dislike seeing your patch in the tree, since I consider it a rather crude hack to circumvent the ABI problems of ipfw. As I've already said to Luigi in private e-mail (I would be surprised if this hasn't been already discussed in the lists as well), the proper way to fix this problem is to separate the kernel and userland structures of ipfw, and add versioning to the struct. This can be done without even breaking the ABI again, since several pointers in the kernel structures are useless to userland (like the next field) and can be reused to implement structure versioning.

Cheers,
Maxime
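
The structure-versioning idea from the message above, sketched as an added example that is not part of the original e-mail and not ipfw's code. The struct layouts, the names `fw_rule_k`, `fw_rule_u`, `fw_rule_import`, `fw_rule_export` and the version value are hypothetical, and `memcpy` stands in for the kernel's copy from userland.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FW_ABI_VERSION 2u /* hypothetical version tag */

/* Kernel-side rule (hypothetical layout): 'next' links the rule chain. */
struct fw_rule_k {
    struct fw_rule_k *next;
    uint32_t number;
    uint32_t action;
};

/* Userland view, same size and offsets: the slot that is 'next' in the
 * kernel carries a version tag instead of a pointer. */
struct fw_rule_u {
    union { void *unused_next; uint32_t version; } hdr;
    uint32_t number;
    uint32_t action;
};

_Static_assert(sizeof(struct fw_rule_u) == sizeof(struct fw_rule_k), "size changed");
_Static_assert(offsetof(struct fw_rule_u, number) == offsetof(struct fw_rule_k, number),
               "field offset changed");

/* Import a rule from a userland buffer; -1 on size or version mismatch. */
int fw_rule_import(struct fw_rule_k *dst, const void *ubuf, size_t ulen)
{
    struct fw_rule_u u;
    if (ulen != sizeof(u))
        return -1;
    memcpy(&u, ubuf, sizeof(u));          /* stands in for copyin() */
    if (u.hdr.version != FW_ABI_VERSION)
        return -1;                        /* refuse a mismatched binary */
    dst->next = NULL;                     /* never take a pointer from userland */
    dst->number = u.number;
    dst->action = u.action;
    return 0;
}

/* Export a rule to userland without leaking the kernel pointer. */
void fw_rule_export(struct fw_rule_u *dst, const struct fw_rule_k *src)
{
    memset(dst, 0, sizeof(*dst));         /* clears the whole pointer slot */
    dst->hdr.version = FW_ABI_VERSION;
    dst->number = src->number;
    dst->action = src->action;
}
```
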