On Thu, Dec 23, 2010 at 8:58 AM, Ian Smith <[email protected]> wrote: > Folks, > > [ If someone implements an /etc/rc.d/ipfw reload command that reliably > works over a remote session without any open firewall window, great, but > I'd rather not discuss the related issues below in reponses to any PR ] > > In order to address issues (and PRs) introduced by and since adding > kernel nat and more recently firewall_coscripts, before offering any > code it's clearly necessary to determine policy for what we should do > when both natd_enable and firewall_nat_enable are set in rc.conf. > > "Don't do that" is not a policy, people will and already are bumping > into this, affecting startup scripts and nat[d] rules in rc.firewall. > > We could: > > 1) Preference kernel nat over natd when both are enabled.
I vote for #1. What about the IPFW documentation regarding NAT in the Handbook? Will there be an update to the NAT instructions: http://www.freebsd.org/doc/handbook/firewalls-ipfw.html -Brandon _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
