Update documentation to match the behaviour of ipfw with respect
to net.inet.ip.fw.one_pass. Add to notes to explain the exact behaviour of "prob xxx" and "log" options. Virtually approved by: re (mentioned in rev.1.19 of ip_fw2.c)
This commit is contained in:
parent
f2ec255a33
commit
99652d0eb2
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=107288
@ -463,6 +463,9 @@ random packet drop or
|
||||
.Xr dummynet 4 )
|
||||
to simulate the effect of multiple paths leading to out-of-order
|
||||
packet delivery.
|
||||
.Pp
|
||||
Note: this condition is checked before any other condition, including
|
||||
ones such as keep-state or check-state which might have side effects.
|
||||
.It Cm log Op Cm logamount Ar number
|
||||
When a packet matches a rule with the
|
||||
.Cm log
|
||||
@ -492,6 +495,9 @@ clearing the logging counter or the packet counter for that entry, see the
|
||||
.Cm resetlog
|
||||
command.
|
||||
.Pp
|
||||
Note: logging is done after all other packet matching conditions
|
||||
have been successfully verified, and before performing the final
|
||||
action (accept, deny, etc.) on the packet.
|
||||
.El
|
||||
.Ss RULE ACTIONS
|
||||
A rule can be associated with one of the following actions, which
|
||||
@ -1604,10 +1610,6 @@ When set, the packet exiting from the
|
||||
pipe is not passed though the firewall again.
|
||||
Otherwise, after a pipe action, the packet is
|
||||
reinjected into the firewall at the next rule.
|
||||
.Pp
|
||||
Note: bridged and layer 2 packets coming out of a pipe
|
||||
are never reinjected in the firewall irrespective of the
|
||||
value of this variable.
|
||||
.It Em net.inet.ip.fw.verbose : No 1
|
||||
Enables verbose messages.
|
||||
.It Em net.inet.ip.fw.verbose_limit : No 0
|
||||
|
Loading…
Reference in New Issue
Block a user