On 21/5/18 2:45 am, Andrey V. Elsukov wrote:
> On 20.05.2018 11:00, 藍挺瑋 wrote:
>> Hello,
>>
>> I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I found the
>> sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again to
>> FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely on
>> both 'net.inet.ip.fw.default_to_accept=1' and 'net.inet.ip.fw.dyn_keep_states=1'
>> to be able to reload firewall rules with 'service ipfw restart' without breaking
>> existing TCP connections. As this sysctl variable is still mentioned in the ipfw(8)
>> man page, will it be brought back in future versions, or will there be an
>> alternative solution for firewall rules reload?
>
> Hi,
>
> I'll try to implement this feature in this new implementation and will
> report back to you. Unfortunately, it will not appear in 11.2-RELEASE,
> but I think it can be resurrected in 11.2-STABLE and 12.0-RELEASE.
> I'm sorry about that.

I think a better idea would be to specify a rule number rather than just 1 or 0.

Or at least be more flexible.

I use a lot of dynamic rules that have actions like 'skipto' or nat.




_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
