Diffusion FreeBSD src repository a805ffbcbce8

ipfilter: Make LARGE_NAT a tunable.
a805ffbcbce8
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

ipfilter: Make LARGE_NAT a tunable.

LARGE_NAT is a C macro that increases
NAT_SIZE from 127 to 2047,
RDR_SIZE from 127 to 2047,
HOSTMAP_SIZE from 2047 to 8191,
NAT_TABLE_MAX from 30000 to 180000, and
NAT_TABLE_SZ from 2047 to 16383.

These values can be altered at runtime using the ipf -T command however
some adminstrators of large firewalls rebuild the kernel to enable
LARGE_NAT at boot. This revision adds the tunable net.inet.ipf.large_nat
which allows an administrator to set this option at boot instead of build
time. Setting the LARGE_NAT macro to 1 is unaffected allowing build-time
users to continue using the old way.

Details

Provenance

cy	Authored on Feb 16 2021, 3:44 PM

Parents

rGe2ad10e84792: Remove the redundant ipfilter IPv6 rc rules load.

Branches

Unknown

Tags

Unknown

Event Timeline

cy committed rGa805ffbcbce8: ipfilter: Make LARGE_NAT a tunable. (authored by cy).Feb 22 2021, 7:20 PM

cy mentioned this in rG3145d2ebc4f3: ipfilter: Make LARGE_NAT a tunable..Jan 9 2022, 12:44 AM

cy mentioned this in rG07738547c4c9: ipfilter: Make LARGE_NAT a tunable..

zlei mentioned this in D42005: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Sep 28 2023, 2:52 AM

zlei mentioned this in rGba883e7a5ac4: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Sep 29 2023, 12:05 AM

zlei mentioned this in rGa9359dcde241: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Oct 2 2023, 12:52 AM

zlei mentioned this in rG25c371dc559a: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Oct 2 2023, 8:31 AM

zlei mentioned this in rG3f44d7870593: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Oct 2 2023, 9:10 AM

zlei mentioned this in rGc920810743c6: ipfilter: Add sysctl flag CTLFLAG_TUN to loader tunable.Oct 3 2023, 3:38 AM

Changes (6)

Path

Size

sys/

contrib/

ipfilter/

netinet/

ip_fil_freebsd.c

rGa805ffbcbce8

sys/contrib/ipfilter/netinet/fil.c

Loading...

sys/contrib/ipfilter/netinet/ip_fil.h

Loading...

sys/contrib/ipfilter/netinet/ip_fil_freebsd.c

Loading...

sys/contrib/ipfilter/netinet/ip_nat.c

Loading...

sys/contrib/ipfilter/netinet/ip_nat.h

Loading...

sys/contrib/ipfilter/netinet/mlfk_ipl.c

Loading...