|
Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
| #
1e831468 |
| 14-Feb-2019 |
Aaron LI <aly@aaronly.me> |
ipfw3: Fix several comments and error messages
|
| #
372a54ac |
| 07-Jan-2019 |
Your Name <you@example.com> |
ipfw3: insert the new rule in the beginning
"ipfw3 add" is still the same, while the "ipfw3 insert" is the new method
which will insert the new rule in the beginning of the rule list.
|
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1 |
|
| #
4408d548 |
| 12-May-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_nat: highspeed lockless in-kernel NAT
RB-Tree to stored the state for the outgoing packets, and multidimentional
array of pointers to keep the state for the incoming packets.
|
| #
dff1aee3 |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: remove legacy macros
|
| #
2490fdca |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: format
|
| #
992b3001 |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: list loaded modules
|
| #
dc73a0a4 |
| 08-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3nat: delete the libalias 3
|
|
Revision tags: v5.2.0, v5.3.0, v5.2.0rc |
|
| #
59ea0e34 |
| 21-Mar-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: use the headers in include folder
|
| #
d0937b0e |
| 30-Jan-2018 |
zrj <rimvydas.jasinskas@gmail.com> |
ipfw3(8): Increase stack storage for linename.
To accommodate fully the "Line %d" format and avoid buffer overflow.
Do the same some for ip6fw(8).
|
|
Revision tags: v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0 |
|
| #
9187b359 |
| 21-Jun-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the L
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the LIST and trying to find the matched alias_link. by seperating the
libalias into context of different CPUs, the lock can be removed. and due to the
nature of NAT, the outgoing and incoming packets are possible to be handled by
different CPUs, to ensure the returning packet can be translated properly, the
newly created alias_link is required to be duplicated and inserted into contexts
of both CPUs.
e.g.
ipfw3 nat 1 config if em0
ipfw3 nat 1 all via em0
ipfw3 nat 1 show state
show more ...
|
|
Revision tags: v4.4.3 |
|
| #
e2124e7d |
| 26-Feb-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or ed
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or edge mode. the centre will automatically sync the states from
centre to the edge.
e.g.
ipfw3 sync edge 5000
ipfw3 sync start edge
ipfw3 sync centre 192.168.1.1:5000,192.168.1.2:5000
ipfw3 sync start centre
ipfw3 sync show config
ipfw3 sync show status
ipfw3 sync test centre 123
show more ...
|
|
Revision tags: v4.4.2 |
|
| #
1f750495 |
| 17-Dec-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: logging feature
ifconfig ipfw0 create
ipfw3 add allow log 0 icmp
support max=9 pseudo ipfw interfaces.
the logged packets header will be 0x41 & 0x42.
the logged frames can keep the original
ipfw3: logging feature
ifconfig ipfw0 create
ipfw3 add allow log 0 icmp
support max=9 pseudo ipfw interfaces.
the logged packets header will be 0x41 & 0x42.
the logged frames can keep the original MAC.
show more ...
|
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
| #
3b6ebdc3 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: shorten func show_filter and MACRO
|
| #
b3d408d6 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: func to (re)name the table
|
| #
e1615a25 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: func to check if val exists in tbl
usage:
ipfw3 table <id> test <type> <val>
output:
YES, <val> exists in table <id>
NO, <val> not exists in table <id>
|
| #
390a3a0e |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: support lookup tables
|
|
Revision tags: v4.2.4, v4.3.1, v4.2.3, v4.2.1 |
|
| #
6ce8c93f |
| 28-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: join same filters with or operator
example:
ipfw3 add allow icmp to <ip addr 1> or <ip addr 2> ...
|
|
Revision tags: v4.2.0 |
|
| #
0fe3a974 |
| 21-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: show NAT records
show all 'NAT records' which relate to the 'NAT config 1'
which is same as 'ip show nat translation' in CISCO routers.
usage:
ipfw3 nat 1 show state
|
| #
b34cca6d |
| 16-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: stop deleting in-use NAT conf
|
|
Revision tags: v4.0.6, v4.3.0, v4.2.0rc |
|
| #
57e0ad13 |
| 13-May-2015 |
Sascha Wildner <saw@online.de> |
Ansify a few functions.
|
| #
1782f138 |
| 13-May-2015 |
Sascha Wildner <saw@online.de> |
ipfw3: Indent two switch()es better and add braces to while().
|
| #
49b8c4c8 |
| 11-May-2015 |
Sascha Wildner <saw@online.de> |
ipfw3(8): Small indent adjustment.
|
| #
5ee21f45 |
| 11-May-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
Fix: buf size issue in do_get/set_x
|
|
Revision tags: v4.0.5 |
|
| #
bc9fd5d6 |
| 15-Mar-2015 |
Sascha Wildner <saw@online.de> |
ipfw3(8): Fix indent.
|
| #
6a03354e |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
ipfw2 - Rename FreeBSD ipfw port to ipfw3
* Rename all elements of the port to ipfw3 to reduce confusion.
|