author | bz <bz@FreeBSD.org> | 2005-08-13 11:02:34 +0000 |
---|---|---|
committer | bz <bz@FreeBSD.org> | 2005-08-13 11:02:34 +0000 |
commit | 5434a588080f496f3f78c9b62fcc9bc2993449cb | |
tree | 6f00a69da3358c57d462226e8f8fb77137db166c /sbin/ipfw/ipfw.8 | |
parent | 810123c2f688458c9677d8cd08da90460f18926c | |
* Add dynamic sysctl for net.inet6.ip6.fw.
* Correct handling of IPv6 Extension Headers.
* Add unreach6 code.
* Add logging for IPv6.
Submitted by: sysctl handling derived from patch from ume needed for ip6fw
Obtained from: is_icmp6_query and send_reject6 derived from similar
functions of netinet6,ip6fw
Reviewed by: ume, gnn; silence on ipfw@
Test setup provided by: CK Software GmbH
MFC after: 6 days
Diffstat (limited to 'sbin/ipfw/ipfw.8')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 5754936..2765f6b 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 30, 2005 +.Dd August 13, 2005 .Dt IPFW 8 .Os .Sh NAME @@ -710,6 +710,10 @@ Synonym for Discard packets that match this rule, and if the packet is a TCP packet, try to send a TCP reset (RST) notice. The search terminates. +.It Cm reset6 +Discard packets that match this rule, and if the +packet is a TCP packet, try to send a TCP reset (RST) notice. +The search terminates. .It Cm skipto Ar number Skip all subsequent rules numbered less than .Ar number . @@ -736,6 +740,17 @@ is a number from 0 to 255, or one of these aliases: or .Cm precedence-cutoff . The search terminates. +.It Cm unreach6 Ar code +Discard packets that match this rule, and try to send an ICMPv6 +unreachable notice with code +.Ar code , +where +.Ar code +is a number from 0, 1, 3 or 4, or one of these aliases: +.Cm no-route, admin-prohib, address +or +.Cm port . +The search terminates. .It Cm netgraph Ar cookie Divert packet into netgraph with given .Ar cookie . @@ -1036,6 +1051,8 @@ Hop-to-hop options .Pq Cm hopopt , Source routing .Pq Cm route , +Destination options +.Pq Cm dstopt , IPSec authentication headers .Pq Cm ah , and IPSec encapsulated security payload headers @@ -2018,6 +2035,8 @@ reinjected into the firewall at the next rule. Enables verbose messages. .It Em net.inet.ip.fw.verbose_limit : No 0 Limits the number of messages produced by a verbose firewall. +.It Em net.inet6.ip6.fw.deny_unknown_exthdrs : No 1 +If enabled packets with unknown IPv6 Extension Headers will be denied. .It Em net.link.ether.ipfw : No 0 Controls whether layer-2 packets are passed to .Nm . |
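Review bot: The new ".It Cm reset6" entry in the @@ -710,6 +710,10 @@ hunk repeats the text of the reset entry just above it word for word, so the manual does not tell the reader how the two actions differ. If reset6 is the IPv6 counterpart, say so in the description, for example "if the packet is an IPv6 TCP packet, try to send a TCP reset (RST) notice", so that someone writing a ruleset knows which action applies to which address family.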
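Review bot: In the unreach6 entry (@@ -736,6 +740,17 @@ hunk), "is a number from 0, 1, 3 or 4" reads like the start of a range, copied from the "from 0 to 255" wording of the entry above; "is one of 0, 1, 3 or 4" would be unambiguous. The line ".Cm no-route, admin-prohib, address" also puts three aliases and their commas into a single .Cm argument list, unlike the ".Cm precedence-cutoff ." form in the surrounding context where punctuation is a separate argument; one alias per .Cm line would match. The text does not say which alias corresponds to which code, which a reader needs in order to pick the numeric form.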
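Review bot: The net.inet6.ip6.fw.deny_unknown_exthdrs description in the @@ -2018,6 +2035,8 @@ hunk is missing a comma ("If enabled, packets with ...") and does not define "unknown". Since the default shown is 1, the entry should state which extension headers count as known, for instance by referring to the extension header list touched in the @@ -1036,6 +1051,8 @@ hunk, so an administrator can predict which traffic is dropped before any rule is evaluated.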