Hey guys,
Completely virgin FreeBSD 9 system. Installed from DVD image.
I need to expand the ipf_nattable_sz and ipf_nattable_max entries. I thought I could just put in what I needed in ipfilter_flags, as such:
Code:
ipfilter_enable="YES"
ipfilter_flags="-D -T ipf_nattable_sz=10009,ipf_nattable_max=300000 -E"
But it doesn't seem to work. It loads ipfilter, but doesn't seem to process what I've passed to flags. Here's the output of
ipf -T list |grep natt
Code:
ipf_nattable_sz min 0x1 max 0x7fffffff current 2047
ipf_nattable_max min 0x1 max 0x7fffffff current 30000
It remains exactly the same with the rc.conf entry I provided. If I do this:
Code:
[root@bignat ~]# ipf -D -T ipf_nattable_sz=10009,ipf_nattable_max=300000 -E
I get this:
Code:
[root@bignat ~]# ipf -T list |grep -i natt
ipf_nattable_sz min 0x1 max 0x7fffffff current 10009
ipf_nattable_max min 0x1 max 0x7fffffff current 300000
Like I should. I COULD just write a script, dump it into /usr/local/etc/rc.d/, but I'd really rather do this 'properly' in case someone other than me has to maintain this thing if I'm not around. Or even just for myself. Am I missing something? Should I be putting different args into the flags var in rc.conf?
Totally separate issue, but:
I even went so far as to go into /usr/src/sys/modules/ipfilter and do a
make clean && make -DLARGE_NAT depend && make -DLARGE_NAT && make install
but even though during the compile it SHOWS that I used the flag, it doesn't actually increase the table sizes. I even manually modified the Makefile to use the -DLARGE_NAT, still nothing.
Anyone else have experience using the flags in FreeBSD 9.x? Could really use a pointer or two here.
Thanks!
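Added example, not part of the original post: a small sh check that compares `ipf -T list` output against the values requested with `-T`, so a boot-time setting that silently did not apply shows up as a non-zero exit. The function name `check_ipf_tunables` is hypothetical; the sample lines are the two outputs quoted in the post.

```shell
#!/bin/sh
# Added example: compare "ipf -T list" output with the values you asked for.
# check_ipf_tunables is a hypothetical helper name, not part of ipfilter.
# $1: wanted tunables in the same name=value,name=value form given to "ipf -T"
# stdin: output of "ipf -T list"
# Prints one line per tunable that is missing or differs; returns 1 if any do.
check_ipf_tunables() {
    wanted=$1
    listing=$(cat)
    rc=0
    old_ifs=$IFS
    IFS=,
    set -- $wanted          # split the comma-separated list into arguments
    IFS=$old_ifs
    for pair in "$@"; do
        name=${pair%%=*}
        want=${pair#*=}
        # Lines look like: ipf_nattable_sz min 0x1 max 0x7fffffff current 2047
        have=$(printf '%s\n' "$listing" |
            awk -v n="$name" '$1 == n { print $NF; exit }')
        if [ -z "$have" ]; then
            echo "$name: not listed"
            rc=1
        elif [ "$have" != "$want" ]; then
            echo "$name: current $have, wanted $want"
            rc=1
        fi
    done
    return $rc
}

# Output lines copied from the post: after boot, and after the manual ipf -T call.
BOOT_OUTPUT='ipf_nattable_sz min 0x1 max 0x7fffffff current 2047
ipf_nattable_max min 0x1 max 0x7fffffff current 30000'
MANUAL_OUTPUT='ipf_nattable_sz min 0x1 max 0x7fffffff current 10009
ipf_nattable_max min 0x1 max 0x7fffffff current 300000'
WANTED='ipf_nattable_sz=10009,ipf_nattable_max=300000'

printf '%s\n' "$BOOT_OUTPUT" | check_ipf_tunables "$WANTED" || echo "tunables not applied"
printf '%s\n' "$MANUAL_OUTPUT" | check_ipf_tunables "$WANTED" && echo "tunables applied"
# On the live system: ipf -T list | check_ipf_tunables "$WANTED"
```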