diff options
author | phk <phk@FreeBSD.org> | 1996-02-23 15:47:58 +0000 |
---|---|---|
committer | phk <phk@FreeBSD.org> | 1996-02-23 15:47:58 +0000 |
commit | 37d6472c4f2c7b8e39635fc5494ab71a47e41caa (patch) | |
tree | 97c7360219d204b89bc15ace01e53279c1509f40 /sys/i386/conf | |
parent | 8b3d623d7962824ee462d964e5374d96532e5807 (diff) | |
download | FreeBSD-src-37d6472c4f2c7b8e39635fc5494ab71a47e41caa.zip FreeBSD-src-37d6472c4f2c7b8e39635fc5494ab71a47e41caa.tar.gz |
Big sweep over the IPFIREWALL and IPACCT code.
Close the ip-fragment hole.
Waste less memory.
Rewrite to contemporary more readable style.
Kill separate IPACCT facility, use "accept" rules in IPFIREWALL.
Filter incoming >and< outgoing packets.
Replace "policy" by sticky "deny all" rule.
Rules have numbers used for ordering and deletion.
Remove "rerorder" code entirely.
Count packet & bytecount matches for rules.
Code in -current & -stable is now the same.
Diffstat (limited to 'sys/i386/conf')
-rw-r--r-- | sys/i386/conf/LINT | 7 | ||||
-rw-r--r-- | sys/i386/conf/NOTES | 7 |
2 files changed, 2 insertions, 12 deletions
diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index eb6dc9a..78f30ea 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.238 1996/02/06 20:57:46 wollman Exp $ +# $Id: LINT,v 1.239 1996/02/13 18:16:18 wollman Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -191,9 +191,6 @@ pseudo-device tun 1 #Tunnel driver(user process ppp) # IPFIREWALL enables support for IP firewall construction, in # conjunction with the `ipfw' program. IPFIREWALL_VERBOSE does # the obvious thing. -# IPFIREWALL_ORDER_RULES makes the ipfw code sort the rules. You -# don't want that, it's only there to be backward compatible. -# IPACCT enables IP accounting. # # TCPDEBUG is undocumented. # @@ -202,8 +199,6 @@ options MROUTING # Multicast routing options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about # dropped packets -options IPFIREWALL_ORDER_RULES # bogusly sort rules. -options IPACCT #ipaccounting options TCPDEBUG diff --git a/sys/i386/conf/NOTES b/sys/i386/conf/NOTES index eb6dc9a..78f30ea 100644 --- a/sys/i386/conf/NOTES +++ b/sys/i386/conf/NOTES @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.238 1996/02/06 20:57:46 wollman Exp $ +# $Id: LINT,v 1.239 1996/02/13 18:16:18 wollman Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -191,9 +191,6 @@ pseudo-device tun 1 #Tunnel driver(user process ppp) # IPFIREWALL enables support for IP firewall construction, in # conjunction with the `ipfw' program. IPFIREWALL_VERBOSE does # the obvious thing. -# IPFIREWALL_ORDER_RULES makes the ipfw code sort the rules. You -# don't want that, it's only there to be backward compatible. -# IPACCT enables IP accounting. # # TCPDEBUG is undocumented. # @@ -202,8 +199,6 @@ options MROUTING # Multicast routing options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #print information about # dropped packets -options IPFIREWALL_ORDER_RULES # bogusly sort rules. -options IPACCT #ipaccounting options TCPDEBUG |