Revision 6e622daf
Added by Ermal Luçi over 15 years ago
| etc/inc/filter.inc | ||
|---|---|---|
| 90 | 90 |
* make sure ipfw is the first hook to make CP and schedules work |
| 91 | 91 |
* correctly on Multi-WAN. |
| 92 | 92 |
*/ |
| 93 |
mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"ipfw,pf\"");
|
|
| 93 |
mwexec("/sbin/sysctl net.inet.ip.pfil.inbound=\"pf\"");
|
|
| 94 | 94 |
/* |
| 95 | 95 |
* TODO: Check if disabling ipfw hook |
| 96 | 96 |
* does not break accounting on CP. |
| 97 | 97 |
* XXX Not sure if we really do outbound filtering with ipfw! |
| 98 | 98 |
*/ |
| 99 |
mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"ipfw,pf\"");
|
|
| 99 |
mwexec("/sbin/sysctl net.inet.ip.pfil.outbound=\"pf\"");
|
|
| 100 | 100 |
} |
| 101 | 101 |
|
| 102 | 102 |
/* Set ipfw state limit */ |
Also available in: Unified diff
With latest improvements to ipfw(4) we do not need ipfw on layer3 everything is done on layer2 now.