author | andre <andre@FreeBSD.org> | 2005-02-22 17:40:40 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2005-02-22 17:40:40 +0000 |
commit | 9094f4f16b2edec6f6ff3cad13b2e466bc92e104 (patch) | |
tree | 27e1404f31af0c65be78d4fe952e2b86a85ad18d /sbin/ipfw | |
parent | 67b4f62450af59f85c9b21ddd07ab0a5011d36a4 (diff) | |
Bring back the full packet destination manipulation for 'ipfw fwd'
with the kernel compile time option:

    options IPFIREWALL_FORWARD_EXTENDED

This option has to be specified in addition to IPFIREWALL_FORWARD.

With this option even packets targeted for an IP address local
to the host can be redirected. All restrictions to ensure proper
behaviour for locally generated packets are turned off. Firewall
rules have to be carefully crafted to make sure that things like
PMTU discovery do not break.

Document the two kernel options.

PR: kern/71910
PR: kern/73129
MFC after: 1 week

Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 6c053da..3f4bc9a 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -1,7 +1,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 22, 2004 +.Dd February 22, 2005 .Dt IPFW 8 .Os .Sh NAME @@ -672,6 +672,19 @@ This makes the .Xr netstat 1 entry look rather weird but is intended for use with transparent proxy servers. +.Pp +To enable +.Cm fwd +a custom kernel needs to be compiled with the option +.Cd "options IPFIREWALL_FORWARD" . +With the additional option +.Cd "options IPFIREWALL_FORWARD_EXTENDED" +all safeguards are removed and it also makes it possible to redirect +packets destined to locally configured IP addresses. +Please note that such rules apply to locally generated packets as +well and great care is required to ensure proper behaviour for +automatically generated packets like ICMP message size exceeded +and others. .It Cm pipe Ar pipe_nr Pass packet to a .Xr dummynet 4 |
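
Review bot: In the paragraph added after the transparent proxy text in the second hunk, "all safeguards are removed" does not say which safeguards, and "ICMP message size exceeded" does not match the wording the commit message uses for the same risk (PMTU discovery). Suggest stating that the restrictions being turned off are the ones that ensure proper behaviour for locally generated packets, as the commit message puts it, and mentioning PMTU discovery by name, so that an administrator enabling IPFIREWALL_FORWARD_EXTENDED knows what the fwd rules must leave alone. The paragraph also only implies, through "With the additional option", that IPFIREWALL_FORWARD_EXTENDED has to be specified in addition to IPFIREWALL_FORWARD; a sentence saying so outright would match the commit message.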