|
Revision tags: v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
| #
372a54ac |
| 07-Jan-2019 |
Your Name <you@example.com> |
ipfw3: insert the new rule in the beginning
"ipfw3 add" is still the same, while the "ipfw3 insert" is the new method
which will insert the new rule in the beginning of the rule list.
|
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1 |
|
| #
a111228d |
| 13-May-2018 |
Sascha Wildner <saw@online.de> |
Fix LINT64 for the recent ipfw3 changes.
Reported-by: ftigeot
|
| #
4408d548 |
| 12-May-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3_nat: highspeed lockless in-kernel NAT
RB-Tree to stored the state for the outgoing packets, and multidimentional
array of pointers to keep the state for the incoming packets.
|
| #
dff1aee3 |
| 13-Apr-2018 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: remove legacy macros
|
| #
daaaebdb |
| 09-Apr-2018 |
Antonio Huete Jimenez <tuxillo@quantumachine.net> |
contrib/libpcap - Local adjustments
- Use system's net/bpf.h instead of libpcap's one.
- Will help fixing net/vde2 and possible other ports that use a
combination of net/bpf.h and pcap.h as descri
contrib/libpcap - Local adjustments
- Use system's net/bpf.h instead of libpcap's one.
- Will help fixing net/vde2 and possible other ports that use a
combination of net/bpf.h and pcap.h as described in f92f178f07f
show more ...
|
|
Revision tags: v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1 |
|
| #
b089787f |
| 16-Sep-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
dummynet: Don't deliver freed mbuf to callers.
|
|
Revision tags: v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0 |
|
| #
9187b359 |
| 21-Jun-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the L
ipfw3: lockless in-kernel NAT
The libalias is used in kernel space for in-kernel NAT, and its alias_link
entries are stored with LIST. so all the packets which need to be NAT will scan
against the LIST and trying to find the matched alias_link. by seperating the
libalias into context of different CPUs, the lock can be removed. and due to the
nature of NAT, the outgoing and incoming packets are possible to be handled by
different CPUs, to ensure the returning packet can be translated properly, the
newly created alias_link is required to be duplicated and inserted into contexts
of both CPUs.
e.g.
ipfw3 nat 1 config if em0
ipfw3 nat 1 all via em0
ipfw3 nat 1 show state
show more ...
|
|
Revision tags: v4.4.3 |
|
| #
e2124e7d |
| 26-Feb-2016 |
Bill Yuan <bycn82@dragonflybsd.org> |
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or ed
ipfw3: new feature 'ipfwsync'
ipfwsync is a new feature to synchronize firewall states between machines
which is running ipfw3 firewall for high availability. ipfw3 can be configured
in centre or edge mode. the centre will automatically sync the states from
centre to the edge.
e.g.
ipfw3 sync edge 5000
ipfw3 sync start edge
ipfw3 sync centre 192.168.1.1:5000,192.168.1.2:5000
ipfw3 sync start centre
ipfw3 sync show config
ipfw3 sync show status
ipfw3 sync test centre 123
show more ...
|
|
Revision tags: v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
| #
3b6ebdc3 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: shorten func show_filter and MACRO
|
| #
fc6b5ee0 |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: misc fix
|
| #
390a3a0e |
| 01-Oct-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: support lookup tables
|
|
Revision tags: v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0 |
|
| #
0fe3a974 |
| 21-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: show NAT records
show all 'NAT records' which relate to the 'NAT config 1'
which is same as 'ip show nat translation' in CISCO routers.
usage:
ipfw3 nat 1 show state
|
| #
e895e94d |
| 17-Jun-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
ipfw3: support bpf filter in layer4 module
syntax:
bpf "<bpf string>"
e.g.
ipfw3 add allow all bpf "icmp and src 8.8.8.8"
bpf can be used to filter the packet payload.
pcap_compile_nocap was used
ipfw3: support bpf filter in layer4 module
syntax:
bpf "<bpf string>"
e.g.
ipfw3 add allow all bpf "icmp and src 8.8.8.8"
bpf can be used to filter the packet payload.
pcap_compile_nocap was used to compile the bpf string
and bpf_filter for the filtering.
show more ...
|
|
Revision tags: v4.0.6, v4.3.0, v4.2.0rc |
|
| #
03c7df6d |
| 11-May-2015 |
Bill Yuan <bycn82@leaf.dragonflybsd.org> |
License: Preserve previous licensor information
|
|
Revision tags: v4.0.5 |
|
| #
33381221 |
| 14-Mar-2015 |
Sascha Wildner <saw@online.de> |
kernel/ipfw3: Fix LINT64 building.
* Remove a duplicate definition of DPRINTF().
* Fix a DPRINTF() argument.
|
| #
6a03354e |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
ipfw2 - Rename FreeBSD ipfw port to ipfw3
* Rename all elements of the port to ipfw3 to reduce confusion.
|