author | luigi <luigi@FreeBSD.org> | 2002-11-26 19:51:40 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2002-11-26 19:51:40 +0000 |
commit | d3e60132e272506103a159ad8ce1948e3c1b7426 (patch) | |
tree | cdf3a0c8cebf8f85139b42149a111d4e2139c5d0 /sbin/ipfw | |
parent | 5ede7f46cea1bd8c183305d72b43018d41c1aa48 (diff) | |
Update documentation to match the behaviour of ipfw with respect
to net.inet.ip.fw.one_pass.
Add two notes to explain the exact behaviour of "prob xxx" and "log"
options.
Virtually approved by: re (mentioned in rev.1.19 of ip_fw2.c)
Diffstat (limited to 'sbin/ipfw')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 48c5961..7fb8272 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -463,6 +463,9 @@ random packet drop or .Xr dummynet 4 ) to simulate the effect of multiple paths leading to out-of-order packet delivery. +.Pp +Note: this condition is checked before any other condition, including +ones such as keep-state or check-state which might have side effects. .It Cm log Op Cm logamount Ar number When a packet matches a rule with the .Cm log @@ -492,6 +495,9 @@ clearing the logging counter or the packet counter for that entry, see the .Cm resetlog command. .Pp +Note: logging is done after all other packet matching conditions +have been successfully verified, and before performing the final +action (accept, deny, etc.) on the packet. .El .Ss RULE ACTIONS A rule can be associated with one of the following actions, which @@ -1604,10 +1610,6 @@ When set, the packet exiting from the pipe is not passed though the firewall again. Otherwise, after a pipe action, the packet is reinjected into the firewall at the next rule. -.Pp -Note: bridged and layer 2 packets coming out of a pipe -are never reinjected in the firewall irrespective of the -value of this variable. .It Em net.inet.ip.fw.verbose : No 1 Enables verbose messages. .It Em net.inet.ip.fw.verbose_limit : No 0 |
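Review bot: in the first hunk (@@ -463,6 +463,9 @@) the added note writes keep-state and check-state as plain words, while the surrounding text marks keywords up with .Cm (for example ".It Cm log" on the next line). Suggest ".Cm keep-state" and ".Cm check-state" so they render like the other option names. The phrase "which might have side effects" would also be clearer if it stated the consequence directly: a packet that fails the probability check does not reach those options, so they have no effect for that packet.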
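Review bot: in the second hunk (@@ -492,6 +495,9 @@) the added note lists the final action as "(accept, deny, etc.)", an informal partial list placed immediately before the ".Ss RULE ACTIONS" section that defines the actions. Suggest replacing the parenthetical with a cross-reference such as ".Sx RULE ACTIONS". Since the first hunk says the prob condition is checked before any other, it would also help to state here that a packet rejected by that check is not logged, so the two notes read consistently.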
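Review bot: in the third hunk (@@ -1604,10 +1610,6 @@) the note on bridged and layer 2 packets is deleted without a replacement, so the net.inet.ip.fw.one_pass entry no longer says anything about those packets. If they now follow the variable like other traffic, as the commit message implies, suggest one sentence stating that explicitly so readers of the older text are not left guessing. The unchanged context line "is not passed though the firewall again" has a typo ("though" for "through") that could be fixed in the same change.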