Re: ipfw output FWD broken on 6.1 and newer?

From: Freddie Cash <fcash_at_ocis.net>
Date: Thu, 3 Aug 2006 08:29:47 -0700 (PDT)

On Wed, August 2, 2006 5:45 pm, Julian Elischer wrote:
> I haven't tried 7.x yet but has anyone seen
> the FWD command of ipfw running on 6.1?
>
> or anyone know of problems with it that may have been fixed on
> -current?

It's working fine for us here.  Been using the same kernel config file
(with the needed changes from 4.x to 5.x to 6.x) and ruleset on our
firewalls.  They started life as FreeBSD 4.2 boxes, were upgraded
through to 4.11, and then re-installed with 6.0 and finally upgraded
to 6.1.

The kernel config section for our firewall kernels is just:
# Firewall options
options         IPSTEALTH
options         IPDIVERT
options         DUMMYNET
options         IPFIREWALL
options         IPFIREWALL_FORWARD
options         IPFIREWALL_VERBOSE
options         IPFIREWALL_VERBOSE_LIMIT=500
options         IPFIREWALL_DEFAULT_TO_ACCEPT

We used fwd rules a lot for our VPN links between schools, and a
couple of sites use them for transparent proxying using
squid+dansguardian.  Haven't had any issues so far.

We've never included the _EXTENDED option, nor really seen a need for
it (or a problem without it).

HTH,

----
Freddie Cash
fcash_at_ocis.net
Received on Thu Aug 03 2006 - 13:29:52 UTC
