author | melifaro <melifaro@FreeBSD.org> | 2013-12-18 20:17:05 +0000 |
---|---|---|
committer | melifaro <melifaro@FreeBSD.org> | 2013-12-18 20:17:05 +0000 |
commit | ce16a97371169a2ff661ae838180ec527f383e52 (patch) | |
tree | ff26a5b2fef152bea4afc4464edccc687d0e1919 /sbin | |
parent | 2f0743dad34f9fe5f923cf3f0490c19d31fcb3cf (diff) | |
Add net.inet.ip.fw.dyn_keep_states sysctl which
re-links dynamic states to default rule instead of
flushing on rule deletion.
This can be useful while performing ruleset reload
(think about `atomic` reload via changing sets).
Currently it is turned off by default.
MFC after: 2 weeks
Sponsored by: Yandex LLC
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ipfw/ipfw.8 | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/sbin/ipfw/ipfw.8 b/sbin/ipfw/ipfw.8 index 65fa334..a3ac41d 100644 --- a/sbin/ipfw/ipfw.8 +++ b/sbin/ipfw/ipfw.8 @@ -2933,6 +2933,11 @@ and must be strictly lower than 5 seconds, the period of repetition of keepalives. The firewall enforces that. +.It Va net.inet.ip.fw.dyn_keep_states: No 0 +Keep dynamic states on rule/set deletion. +States are relinked to default rule (65535). +This can be handly for ruleset reload. +Turned off by default. .It Va net.inet.ip.fw.enable : No 1 Enables the firewall. Setting this variable to 0 lets you run your machine without |
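Review bot: The added ipfw.8 entry has a typo in "This can be handly for ruleset reload." ("handly" should be "handy"), and its `.It` line writes `net.inet.ip.fw.dyn_keep_states:` with the colon attached to the variable name, while the neighbouring `.It Va net.inet.ip.fw.enable : No 1` entry passes the colon as a separate argument. Suggest `.It Va net.inet.ip.fw.dyn_keep_states : No 0` so both entries render the same way. The description could also spell out the operational consequence of "States are relinked to default rule (65535)": with the sysctl enabled, deleting a rule or set no longer removes the dynamic states it created, which is something an operator relying on rule deletion to clear states needs to know.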