From: 'Luigi Rizzo' [mailto:[EMAIL PROTECTED] > On Fri, Jun 20, 2003 at 02:18:17PM -0400, Don Bowman wrote: > ... > > Thanks very much, I will check this. I assume this will be true > > for IPFW2 rather than IPFW. > > one_pass actually affect both. > the comment in parentheses refers to "layer 2 firewalling > which is an ipfw2-only fature (bridge firewalling > is also available with ipfw1)
This works correctly, thanks very much. Attached is a trivial patch to correct the man page. Is there a benefit to having the single wide pipe first, or the many narrow pipes first, in the ruleset? $ cvs diff -U5 ipfw.8 Index: ipfw.8 =================================================================== RCS file: /usr/cvs/src/sbin/ipfw/ipfw.8,v retrieving revision 1.63.2.28 diff -U5 -r1.63.2.28 ipfw.8 --- ipfw.8 30 Sep 2002 20:57:05 -0000 1.63.2.28 +++ ipfw.8 20 Jun 2003 18:49:02 -0000 @@ -1587,14 +1587,10 @@ When set, the packet exiting from the .Xr dummynet 4 pipe is not passed though the firewall again. Otherwise, after a pipe action, the packet is reinjected into the firewall at the next rule. -.Pp -Note: bridged and layer 2 packets coming out of a pipe -are never reinjected in the firewall irrespective of the -value of this variable. .It Em net.inet.ip.fw.verbose : No 1 Enables verbose messages. .It Em net.inet.ip.fw.verbose_limit : No 0 Limits the number of messages produced by a verbose firewall. .It Em net.link.ether.ipfw : No 0 _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
