- User Since
- Aug 25 2018, 5:03 PM (91 w, 2 d)
Fri, May 22
This landed in r533804.
- Updating D24952: ipfirewall.4: restructure new line starts and remove .Tn #
- Enter a brief description of the changes included in this update.
- The first line is used as subject, next lines as comment. #
- If you intended to create a new revision, use:
- $ arc diff --create
Yea NP, there are a lot of other “which”s that dont start on a new line, I could move those to get consitency?
Just for my understanding before I start making changes
Thu, May 21
Hi all, I don't have a commit bit :-). Following the discussion above, could someone take care of the commit? I'll quickly follow up with a new review removing the .Tn's.
Wed, May 13
I could definitely do that, @bcr do you think the .Tn is a blocker? Its already present in this man page at line 40.
Thu, May 7
I think this is fine to commit now :-). If any other pointers come up on the mailing lists regarding this commit I'll make an additional review to tackle those.
Tue, May 5
Thanks for committing this new port Gleb!
Sun, May 3
For whatever my approval is worth :-)
Thanks for your quick work on this Dan , I left a rough review, although most of them are easily fixable. Looking good so far! Looking forward seeing this landed :-).
Thu, Apr 30
Mon, Apr 27
I have tested this patch, it builds fine in poudriere. I run time tested this on my server, for the moment still running smoothly.
Apr 25 2020
FYI, I don't have a bit. We can wait a bit longer though for other people to possibly chime in.
Apr 22 2020
Apr 8 2020
Update to 5.2
Apr 7 2020
Got committed in r54041 ...
Apr 6 2020
Apr 3 2020
How close are we to getting this committed? Are there still some open points or is it fine as is ATM?
Mar 30 2020
Mar 17 2020
Nice! Looking forward to this :-).
Mar 14 2020
Mar 12 2020
00001 allow ip from any to any via igb0
00002 allow ip from any to any via lo0
00003 allow ip from any to any via enc0
00010 reass ip from any to any in
00050 deny log ip from any to any not antispoof in
00100 nat 1 ip4 from any to any in recv em0
00500 skipto 10000 tcp from any to any out xmit em0 setup keep-state :default
00501 skipto 10000 udp from any to any out xmit em0 keep-state :default
00502 skipto 10000 icmp from any to any out xmit em0 keep-state :default
00503 skipto 10000 ipv6-icmp from any to any out xmit em0 keep-state :default
05000 allow tcp from any to me 22,80,443,9001,32400,51413 in recv em0 setup keep-state :default
05001 allow udp from any to me 500,546,4500,9987 in recv em0 keep-state :default
05002 allow icmp from any to me in recv em0 keep-state :default
05003 allow ipv6-icmp from any to any in recv em0 keep-state :default
09999 deny log ip from any to any
10000 nat 1 ip4 from any to any out xmit em0
65535 allow ip from any to any
Mar 11 2020
Does this mean that for a current dual stack IPFW rule like:
Feb 11 2020
This diff should resolve the plist issue fully and much more correctly.
Feb 10 2020
Jan 31 2020
Fix typo pointed out by @bcr. Thanks for the review!
Jan 30 2020
Jan 27 2020
I have run time tested this patch with multimedia/emby-server for a few days now and it has worked fine. Build is clean on my system too (12-STABLE).
Jan 20 2020
Jan 13 2020
Oct 9 2019
Hi guys, any more pointers or feedback? Otherwise I think this might be ready to commit :-).
Sep 27 2019
firewall.rc is actually rc.firewall.
Sep 26 2019
This is an obvious no-op change and only documents what was lagging behind.
Could someone from @portmgr take a look at this if blanket approval is needed?
Address feedback from @bcr. Thanks for the review!
Sep 25 2019
Address feedback. Thanks for the review!
Sep 13 2019
Aug 21 2019
Thanks, I see what you mean now! :-) Let me see what I can cook up.
Thanks for the feedback Eugen, that will take a bit more time to restructure / add some of your comments.
Aug 17 2019
May 25 2019
Revert using GCC, it is not a requirement and works best with USE_GCC that defines a run-time dep on GCC which is a big nono.
May 21 2019
May 20 2019
May 19 2019
Can you make sure that it also works with the WITH_SVN build option? (That installs svnlite as svn)
Mar 23 2019
Just FYI, I am not a committer :)
Mar 21 2019
Thanks for the pointer, this diff was by no means limited to the IPv6 modules :)!
I added a switch for the pmod module in a similar fashion.
Feb 23 2019
Remove trailing slash in LIB_DEPENDS
Re-add X11 option as there is interest for this in the community and an extra option doesn't hurt anyway.
Also handy for people wanting to keep their system clean of X11 and extra libraries.
Feb 21 2019
- Upstream released Emby-server 188.8.131.52 so update to latest version
- Link ffmpeg with x265
- Remove X11 as option (as it defaulted to on anyway and USE_XORG=x11 is set)
Feb 15 2019
Remove unneeded += for configure args.
Feb 14 2019
Fix typo's in RC script.
Feb 12 2019
Remove unneeded use of tar:xz.
Feb 10 2019
- Address mat comments
- Remove unneeded clutter in rc script
- Streamline ffmpeg configure args
Feb 9 2019
Address comments from mat & tcberner
Feb 8 2019
Nov 10 2018
Hi, I tested this code and it works like a charm! Thanks! Now I can have a static addresses config for jails with a dynamic external prefix.
I needed this because my ISP uses DHCPv6 to delegate prefixes which can change, so a static NPTv6 rule in IPFW was a nono.