diff options
| author | Doug Rabson <dfr@FreeBSD.org> | 2023-06-20 13:01:58 +0000 |
|---|---|---|
| committer | Doug Rabson <dfr@FreeBSD.org> | 2023-07-14 10:07:58 +0000 |
| commit | 6dfb2c2dce0ffabd783ec24b8d4d128993363f72 (patch) | |
| tree | 458555d1452e60a50c45e57713d865d759cb4db7 /UPDATING | |
| parent | b22299c457b21d77fc5770b9f1a9043487b25ed9 (diff) | |
| download | src-6dfb2c2dce0ffabd783ec24b8d4d128993363f72.tar.gz src-6dfb2c2dce0ffabd783ec24b8d4d128993363f72.zip | |
pf: Add code to enable filtering for locally delivered packets
This is disabled by default since it potentially changes the behavior of
existing filter rule sets. To enable this extra filter for packets being
delivered locally, use:
sysctl net.pf.filter_local=1
service pf restart
PR: 268717
Reviewed-by: kp
MFC-after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D40373
(cherry picked from commit 3a1f834b5228986a7c14fd60da13cf2700e80996)
Diffstat (limited to 'UPDATING')
| -rw-r--r-- | UPDATING | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -12,6 +12,18 @@ Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before updating system packages and/or ports. +20230619: + To enable pf rdr rules for connections initiated from the host, pf + filter rules can be optionally enabled for packets delivered + locally. This can change the behavior of rules which match packets + delivered to lo0. To enable this feature: + + sysctl net.pf.filter_local=1 + service pf restart + + When enabled, its best to ensure that packets delivered locally are not + filtered, e.g. by adding a 'skip on lo' rule. + 20230404: llvm-objump is now always installed as objdump. Previously there was no /usr/bin/objdump unless the WITH_LLVM_BINUTILS knob was used. |