diff options
| author | phk <phk@FreeBSD.org> | 1996-02-23 15:47:58 +0000 |
|---|---|---|
| committer | phk <phk@FreeBSD.org> | 1996-02-23 15:47:58 +0000 |
| commit | 37d6472c4f2c7b8e39635fc5494ab71a47e41caa (patch) | |
| tree | 97c7360219d204b89bc15ace01e53279c1509f40 /sys/conf | |
| parent | 8b3d623d7962824ee462d964e5374d96532e5807 (diff) | |
| download | FreeBSD-src-37d6472c4f2c7b8e39635fc5494ab71a47e41caa.zip FreeBSD-src-37d6472c4f2c7b8e39635fc5494ab71a47e41caa.tar.gz | |
Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.
Code in -current & -stable is now the same.
Diffstat (limited to 'sys/conf')
| -rw-r--r-- | sys/conf/NOTES | 7 | ||||
| -rw-r--r-- | sys/conf/files | 2 |
2 files changed, 1 insertions, 8 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index eb6dc9a..78f30ea 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.238 1996/02/06 20:57:46 wollman Exp $ +# $Id: LINT,v 1.239 1996/02/13 18:16:18 wollman Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -191,9 +191,6 @@ pseudo-device tun 1 #Tunnel driver(user process ppp) # IPFIREWALL enables support for IP firewall construction, in # conjunction with the `ipfw' program. IPFIREWALL_VERBOSE does # the obvious thing. -# IPFIREWALL_ORDER_RULES makes the ipfw code sort the rules. You -# don't want that, it's only there to be backward compatible. -# IPACCT enables IP accounting. # # TCPDEBUG is undocumented. # @@ -202,8 +199,6 @@ options MROUTING # Multicast routing options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about # dropped packets -options IPFIREWALL_ORDER_RULES # bogusly sort rules. -options IPACCT #ipaccounting options TCPDEBUG diff --git a/sys/conf/files b/sys/conf/files index 97e4a37..76552c0 100644 --- a/sys/conf/files +++ b/sys/conf/files @@ -199,9 +199,7 @@ netinet/ip_input.c optional inet netinet/ip_mroute.c optional inet netinet/ip_output.c optional inet netinet/raw_ip.c optional inet -netinet/ip_fwdef.c optional inet netinet/ip_fw.c optional ipfirewall -netinet/ip_fw.c optional ipacct netinet/tcp_debug.c optional tcpdebug netinet/tcp_input.c optional inet netinet/tcp_output.c optional inet |
