diff options
| author | Avery Pennarun <apenwarr@gmail.com> | 2010-05-07 20:06:26 -0400 |
|---|---|---|
| committer | Avery Pennarun <apenwarr@gmail.com> | 2010-05-07 20:07:41 -0400 |
| commit | 680941cb0c928577eee6eb1c1ba246e020ec4086 (patch) | |
| tree | 08ffb8b842d5b3e1ef1810be007c998c6e20caa6 | |
| parent | 7043195043d5a1885235833804ae7f90404e4a46 (diff) | |
BSD: "ipfw add %d accept ip from any to any established"
With this rule, we don't interfere with already-established (or incoming)
connections to routes that we're about to take over. This is what
happens by default in Linux/iptables.
| -rw-r--r-- | firewall.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/firewall.py b/firewall.py index 8ac5b9a..7c465a7 100644 --- a/firewall.py +++ b/firewall.py @@ -115,6 +115,9 @@ def do_ipfw(port, subnets): if subnets: sysctl_set('net.inet.ip.fw.enable', 1) sysctl_set('net.inet.ip.forwarding', 1) + + ipfw('add', sport, 'accept', 'ip', + 'from', 'any', 'to', 'any', 'established') # create new subnet entries for snet,swidth in subnets: |