於 星期五,2018-05-25 於 21:42 +0800,藍挺瑋 提到: > 於 星期四,2018-05-24 於 08:18 -0700,Rodney W. Grimes 提到: > > > Hello, > > > > > > I upgraded my desktop system from FreeBSD 11.2-BETA1 last week, and I > > > found > > > the > > > sysctl 'net.inet.ip.fw.dyn_keep_states' got removed. I upgraded it again > > > to > > > FreeBSD 11.2-BETA2 today, and I still could not find it. Currently I rely > > > on > > > both 'net.inet.ip.fw.default_to_accept=1' and > > > 'net.inet.ip.fw.dyn_keep_states=1' > > > to be able to reload firewall rules with 'service ipfw restart' without > > > breaking > > > existing TCP connections. As this sysctl variable is still mentioned in > > > ipfw(8) > > > man page, will it be brought back in future versions, or there will be an > > > alternative solution for firewall rules reload? > > > > As a follow up to this discusion, there has been a merge of code > > into the stable/11 branch that should be in the 11.2-BETA3 build > > that corrects this missing sysctl, > > It is nice to know this! > > > could you please test this > > build when it comes out and provide feed back to how it works > > for you. > > Yes, I will test it. I already tested it on 11.2-BETA2 by manually applying > patches from r333986 and 334039, and it worked fine for me.
I just upgraded my desktop to FreeBSD 11.2-BETA3. net.inet.ip.fw.dyn_keep_states is available and works for me. _______________________________________________ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
