Matthew Dillon wrote:
> :I have a patch here which makes the IPFIREWALL_DEFAULT_TO_ACCEPT tunable
> :at module load time using a kernel environment variable.  Looks to me
> :that it would do what you want.
>     No, this isn't what I want.  I want something that can be articulated
>     without having to reboot the whole system.

You don't need to reboot with this patch.  As I already said, it's a
*module load time* tunable.  So if you use ipfw as a module, it will do
what you want.  If you don't, it's of course useless.

Now I would really dislike seeing your patch in the tree, since I
consider it a rather crude hack to circumvent the ABI problems of
ipfw.  As I've already said to luigi in private e-mail (I would be
surprised if this hasn't been already discussed in the lists as well), 
the proper way to fix this problem is to separate the kernel and
userland structures of ipfw, and add versioning to the struct.

This can be done without even breaking the ABI again, since several
pointers in the kernel structures are useless to userland (like the next
field) and can be reused to implement structure versioning.
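
Added example, not part of the original message and not ipfw code: a sketch of the versioning idea described above, where the pointer-sized slot that userland never needs is reused as a version tag without changing the structure's size or offsets. The names `k_rule`, `u_rule`, `U_RULE_VERSION`, `rule_import` and `rule_export` are hypothetical, and `memcpy` stands in for the kernel's copy from userland.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layouts for illustration; not the real ipfw structures. */
struct k_rule {                  /* kernel-private rule */
    struct k_rule *next;         /* list linkage, useless to userland */
    uint32_t rule_num;
    uint32_t flags;
};

struct u_rule {                  /* what crosses the user/kernel boundary */
    union {
        void    *slot;           /* keeps the old pointer-sized slot */
        uint32_t version;        /* the slot reused as a version tag */
    } hdr;
    uint32_t rule_num;
    uint32_t flags;
};

#define U_RULE_VERSION 1u        /* assumed value for this example */

/* The ABI is unchanged only if size and field offsets still match. */
_Static_assert(sizeof(struct u_rule) == sizeof(struct k_rule), "size");
_Static_assert(offsetof(struct u_rule, rule_num) ==
               offsetof(struct k_rule, rule_num), "offset");

/* Import a userland buffer (memcpy stands in for copyin()). 0 on success. */
int rule_import(const void *ubuf, size_t len, struct k_rule *out)
{
    struct u_rule u;

    if (len != sizeof(u))
        return -1;
    memcpy(&u, ubuf, sizeof(u));
    if (u.hdr.version != U_RULE_VERSION)
        return -1;               /* unknown layout: refuse, don't guess */
    out->next = NULL;            /* linkage is set by the kernel only */
    out->rule_num = u.rule_num;
    out->flags = u.flags;
    return 0;
}

/* Export to userland without leaking the kernel's next pointer. */
void rule_export(const struct k_rule *k, struct u_rule *u)
{
    memset(u, 0, sizeof(*u));
    u->hdr.version = U_RULE_VERSION;
    u->rule_num = k->rule_num;
    u->flags = k->flags;
}
```

Separating the two views also means a kernel address is never copied out in the `next` slot and a userland-supplied pointer is never followed.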

