Ruslan Ermilov wrote:
> For those of you interested, here you can find a patch that
> adds the IPFW2 lookup tables feature to RELENG_4:
>
> http://people.FreeBSD.org/~ru/patches/ipfw_tables.patch
>
> I plan to commit it next Friday. Feedback is appreciated.

Was the patch not made relative to /usr/src? The diff applied cleanly, but I
had to invoke 'patch -p0' for it to find the files.

Anyway, I just finished rebuilding kernel and world, so the changes compile
fine, and it looks like my machine rebooted cleanly. Seems to work okay with
a trivial IPFW2 ruleset; I haven't tried anything more complicated:

00100 78 25096 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 513 53267 allow ip from any to any
---
Copyright (c) 1992-2004 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 4.10-STABLE #2: Thu Jun 10 18:41:59 EDT 2004
root@sec.pkix.net:/usr/obj/usr/src/sys/NORMAL
Timecounter "i8254" frequency 1193182 Hz
CPU: Intel(R) Celeron(TM) CPU 1400MHz (933.37-MHz 686-class
CPU) Origin = "GenuineIntel" Id = 0x6b4 Stepping = 4
Features=0x383f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PA
real memory = 201326592 (196608K bytes)
avail memory = 191160320 (186680K bytes)
Preloaded elf kernel "kernel" at 0xc0480000.
VESA: v3.0, 4096k memory, flags:0x1, mode table:0xc03f9642 (1000022)
VESA: STB Velocity 128 (RIVA 128)
Pentium Pro MTRR support enabled
md0: Malloc disk
Using $PIR table, 8 entries at 0xc00fdf40
apm0: <APM BIOS> on motherboard
apm0: found APM BIOS v1.2, connected at v1.2
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443LX (440 LX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
[ ... ]
DUMMYNET initialized (011031)
BRIDGE 020214 loaded
ipfw2 initialized, divert enabled, rule-based forwarding enabled, default to
accept, logging limited to 100 packets/entry by default
IPsec: Initialized Security Association Processing.
ad0: 8223MB <ST38410A> [16708/16/63] at ata0-master UDMA33
Mounting root from ufs:/dev/ad0s2a

Thanks for the work to MFC this...
--
-Chuck