Luigi Rizzo kiadta azokat az új patcheket, amelyek lehetővé teszik, hogy ipfw2-t futtassunk a FreeBSD-stable -n. Az ipfw2 a nickneve az új tűzfal kódnak, amely jelenleg a FreeBSD-current -ben található. Ez a tűfal kód sokkal gyorsabb és flexibilisebb, mint a jelenlegi ipfw. Az új ipfw2 a régi ipfw szintaktikáját használja, így a meglevő régi konfigurációs fileok változtatás nélkül használhatók az új tűzfal kóddal.********************************
From: Luigi Rizzo
To: ipfw@FreeBSD.ORG
Subject: updated ipfw2 patches for -stable
As the subject says, the latest patches to run ipfw2 on -stable are at
http://info.iet.unipi.it/~luigi/ipf...le.020715.diffs
They rely on the code that I have committed to -stable last week, and replicate the functionality that is available in -current in the CVS repository.
This version fixes all bugs reported so far (which were limited to minor problems in the userland code, and alignment issues on 64-bit architectures) and implements keepalives to prevent dynamic rules
from expiring when your session is idle for longer than the timeout.
Once you have patched your source tree, you need to add
options IPFW2
to your kernel config file to have the new functionality available, otherwise you will still use the old ipfw code.
You also need to recompile /sbin/ipfw.
Note that this patch *does not* update libalias (I will add
patches for that in the next version of the code).
(For the curious, ipfw2 is a nickname for the new firewall code which is in -current. It is much faster and more flexible than the old one, and implements the old ipfw syntax as a subset, so your existing configuration files should work unmodified -- and if they don't, please report the rule(s) where it chokes so i can fix that).
cheers
luigi