John Hay wrote:

>>>Is there any harm in making IPFIREWALL_FORWARD default for the ipfw
>>>module? For that matter, why have a separate FORWARD option and not
>>>just have it as part of the standard firewall stuff?
>>>
>>The reason is simple. FORWARD modifies the entire ip_input(), ip_output()
>>and tcp_input() path. This is not something that should be in stock kernels
>>unless you want to use 'ipfw fwd' (which is only a minority).
>>
>
>Ok, what about another module, called say ipfwfwd or something, that is
>ipfw compiled with forwarding? Then one can just load the one
>appropriate for you.
>

No, you misunderstood what he said.. the IPFIREWALL_FORWARD option not only modifies the ipfw module but also modifies the IP stack.. a special ipfw module would only have done half the change.. I don't know how it would fail... catastrophic or not, but it would definitely fail to work..

Received on Tue Oct 26 2004 - 16:19:16 UTC