Document how interaction with ng_ipfw node is configured.
This commit is contained in:
parent
14cb4a2f66
commit
1676543619
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=141366
@ -726,6 +726,24 @@ is a number from 0 to 255, or one of these aliases:
|
||||
or
|
||||
.Cm precedence-cutoff .
|
||||
The search terminates.
|
||||
.It Cm netgraph Ar cookie
|
||||
Divert packet into netgraph with given
|
||||
.Ar cookie .
|
||||
The search terminates.
|
||||
If packet is later returned from netgraph it is either
|
||||
accepted or continues with the next rule, depending on
|
||||
.Em net.inet.ip.fw.one_pass
|
||||
sysctl variable.
|
||||
.It Cm ngtee Ar cookie
|
||||
A copy of packet is diverted into netgraph, original
|
||||
packet continues with next rule.
|
||||
See
|
||||
.Xr ng_ipfw 4
|
||||
for more information on
|
||||
.Cm netgraph
|
||||
and
|
||||
.Cm ngtee
|
||||
actions.
|
||||
.El
|
||||
.Ss RULE BODY
|
||||
The body of a rule contains zero or more patterns (such as
|
||||
@ -1902,8 +1920,10 @@ firewall even if compiled in.
|
||||
.It Em net.inet.ip.fw.one_pass : No 1
|
||||
When set, the packet exiting from the
|
||||
.Xr dummynet 4
|
||||
pipe is not passed though the firewall again.
|
||||
Otherwise, after a pipe action, the packet is
|
||||
pipe or from
|
||||
.Xr ng_ipfw 4
|
||||
node is not passed though the firewall again.
|
||||
Otherwise, after an action, the packet is
|
||||
reinjected into the firewall at the next rule.
|
||||
.It Em net.inet.ip.fw.verbose : No 1
|
||||
Enables verbose messages.
|
||||
@ -2325,6 +2345,7 @@ the sleep terminates thus restoring the previous situation.
|
||||
.Xr bridge 4 ,
|
||||
.Xr divert 4 ,
|
||||
.Xr dummynet 4 ,
|
||||
.Xr ng_ipfw 4 ,
|
||||
.Xr ip 4 ,
|
||||
.Xr ipfirewall 4 ,
|
||||
.Xr protocols 5 ,
|
||||
|
Loading…
Reference in New Issue
Block a user