d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
099dd0430b
freebsd-skq/sys
History
Andre Oppermann 099dd0430b Bring back the full packet destination manipulation for 'ipfw fwd' 
with the kernel compile time option:

 options IPFIREWALL_FORWARD_EXTENDED

This option has to be specified in addition to IPFIRWALL_FORWARD.

With this option even packets targeted for an IP address local
to the host can be redirected.  All restrictions to ensure proper
behaviour for locally generated packets are turned off.  Firewall
rules have to be carefully crafted to make sure that things like
PMTU discovery do not break.

Document the two kernel options.

PR:		kern/71910
PR:		kern/73129
MFC after:	1 week
2005-02-22 17:40:40 +00:00
..
alpha Use a common multi-inclusion protection, and add such a 2005-02-19 21:16:48 +00:00
amd64 Use a common multi-inclusion protection, and add such a 2005-02-19 21:16:48 +00:00
arm MFp4: get the code that set the pc correctly to work, remove a few IQ31244 2005-02-20 21:34:59 +00:00
boot Document the new default init_path. 2005-02-17 11:14:45 +00:00
bsm Add a stub audit_kevents.h, which defines exactly one audit event: 2005-02-02 14:27:36 +00:00
cam Reference a pointer correctly when copying to it's location. 2005-02-21 00:28:36 +00:00
coda Replace the workaround for a deadlock bug in Coda with a different 2005-02-20 23:01:57 +00:00
compat Neuter linux_ustat() until somebody finds time to try to fix it. 2005-02-22 13:39:46 +00:00
conf Bring back the full packet destination manipulation for 'ipfw fwd' 2005-02-22 17:40:40 +00:00
contrib Do not fail to initialize callouts (on SMP only) -- it leads to crashing. 2005-02-22 04:27:05 +00:00
crypto Start the dreaded NOFOO -> NO_FOO conversion. 2004-12-21 08:47:35 +00:00
ddb Start each of the license/copyright comments with /*- 2005-01-06 01:34:41 +00:00
dev Neuter DRM(mapbufs) until somebody finds time to try to fix it. 2005-02-22 13:56:15 +00:00
doc Experimental support for using doxygen to generate kernel documentation. 2004-07-11 16:13:57 +00:00
fs Reap more benefits from DEVFS: 2005-02-22 15:51:07 +00:00
gdb /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 18:27:30 +00:00
geom Try to unbreak the vnode locking around vop_reclaim() (based mostly on 2005-02-19 11:44:57 +00:00
gnu Make a SYSCTL_NODE static 2005-02-10 12:23:29 +00:00
i4b /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 22:18:23 +00:00
i386 Support disabling individual cpufreq drivers with hints, e.g., 2005-02-22 06:31:45 +00:00
ia64 Use a common multi-inclusion protection, and add such a 2005-02-19 21:16:48 +00:00
isa Use the local APIC timer to drive the various kernel clocks on SMP machines 2005-02-08 20:25:07 +00:00
isofs/cd9660 Conditionalize cd9660 chattiness regarding the nature of the file system 2005-02-18 10:49:55 +00:00
kern Reap more benefits from DEVFS: 2005-02-22 15:51:07 +00:00
libkern Add strspn() to libkern. 2005-02-10 20:39:39 +00:00
modules Hook EST up to the build. 2005-02-20 20:29:04 +00:00
net Typo in comment. 2005-02-22 15:29:29 +00:00
net80211 rev 1.19 fixed wpa supplicant but broke wpa authenticator; when operating 2005-02-10 17:00:48 +00:00
netatalk When generating a phase II ARP lookup from aarpwhohas(), use a 2005-02-22 14:37:22 +00:00
netatm In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netgraph In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netinet Bring back the full packet destination manipulation for 'ipfw fwd' 2005-02-22 17:40:40 +00:00
netinet6 Add CARP (Common Address Redundancy Protocol), which allows multiple 2005-02-22 13:04:05 +00:00
netipsec /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
netipx In the current world order, solisten() implements the state transition of 2005-02-21 21:58:17 +00:00
netkey fixed an unexpected addr/port matching failure in IPv6 SA management 2005-01-10 13:06:42 +00:00
netnatm Mark netatm and netnatm explicitly as requiring Giant, as they still do. 2005-02-17 14:21:22 +00:00
netncp /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
netsmb /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
nfs /* -> /*- for license, minor formatting changes 2005-01-07 01:45:51 +00:00
nfs4client Follow v_id changes in NFSv[23] 2005-02-22 15:15:28 +00:00
nfsclient vp->v_id is a private field for the vfs namecache and it is a big mistake 2005-02-22 14:52:00 +00:00
nfsserver Don't try to create vnode_pager objects on other filesystems vnodes, 2005-01-24 22:09:13 +00:00
opencrypto /* -> /*- for license, minor formatting changes 2005-01-07 02:29:27 +00:00
pc98 Merged from sys/dev/sio/sio.c revision 1.458. 2005-02-11 03:41:34 +00:00
pccard Remove more deadwood that never got implemented in NEWCARD, since NEWCARD 2005-02-15 02:54:53 +00:00
pci Correct the SiS 755 PCI ID. Confirmed against Linux code. 2005-02-14 07:30:04 +00:00
posix4 /* -> /*- for license, minor formatting changes 2005-01-07 02:29:27 +00:00
powerpc Use a common multi-inclusion protection, and add such a 2005-02-19 21:16:48 +00:00
rpc /* -> /*- for license, minor formatting changes 2005-01-07 02:29:27 +00:00
security Synchronize HEAD copyright/license with RELENG_5 copyright/license: 2005-02-13 13:59:34 +00:00
sparc64 Silence witness warnings about duplicate pmap lock emitted since 2005-02-18 15:37:34 +00:00
sys Reap more benefits from DEVFS: 2005-02-22 15:51:07 +00:00
tools Add VOP_FOO_APV() which takes a pointer to the vop_vector. 2005-02-08 12:54:32 +00:00
ufs The recomputation of file system summary at mount time can be a 2005-02-20 08:02:15 +00:00
vm Try to unbreak the vnode locking around vop_reclaim() (based mostly on 2005-02-19 11:44:57 +00:00
Makefile Add a NO_BOOT knob to prevent building the boot blocks and loader. 2004-08-19 09:54:28 +00:00