summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAvery Pennarun <apenwarr@gmail.com>2012-01-02 18:19:08 -0500
committerBrian May <brian@microcomaustralia.com.au>2014-09-23 10:09:16 +1000
commit3eef3635ac2172940e0eb83e1090221fb35f8581 (patch)
treeb940a7e8c1414c75eec896008418ada58d344989
parentf1c79c7e92fdcc6f7bda9139b6f46610319ac9fe (diff)
ipfw: don't use 'log' parameter.
I guess we were causing the kernel to syslog on every single packet on MacOS. Oops.
Diffstat
-rw-r--r--src/firewall.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/firewall.py b/src/firewall.py
index 778fa28..b3b0e9f 100644
--- a/src/firewall.py
+++ b/src/firewall.py
@@ -394,11 +394,11 @@ def do_ipfw(port, dnsport, family, subnets, udp):
in sorted(subnets, key=lambda s: s[1], reverse=True):
if sexclude:
ipfw('add', sport, 'skipto', xsport,
- 'log', 'tcp',
+ 'tcp',
'from', 'any', 'to', '%s/%s' % (snet, swidth))
else:
ipfw('add', sport, 'fwd', '127.0.0.1,%d' % port,
- 'log', 'tcp',
+ 'tcp',
'from', 'any', 'to', '%s/%s' % (snet, swidth),
'not', 'ipttl', '42', 'keep-state', 'setup')
@@ -440,12 +440,12 @@ def do_ipfw(port, dnsport, family, subnets, udp):
for f, ip in filter(lambda i: i[0] == family, nslist):
# relabel and then catch outgoing DNS requests
ipfw('add', sport, 'divert', sport,
- 'log', 'udp',
+ 'udp',
'from', 'any', 'to', '%s/32' % ip, '53',
'not', 'ipttl', '42')
# relabel DNS responses
ipfw('add', sport, 'divert', sport,
- 'log', 'udp',
+ 'udp',
'from', 'any', str(dnsport), 'to', 'any',
'not', 'ipttl', '42')
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 19:48:46 +0000