bsd docs: newer pfsense ipfw trick

3 years ago · 717583c733
2 changed files with 12 additions and 0 deletions
--- a/docs/bsd.eng.md
+++ b/docs/bsd.eng.md
@ -192,14 +192,20 @@ Then it becomes possible to install all the required software including git to d

 kldload ipfw
 kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
 sysctl net.inet.ip.pfil.outbound=ipfw,pf
 sysctl net.inet.ip.pfil.inbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
+
 ipfw delete 100
 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0
 pkill ^dvtws$
 dvtws --daemon --port 989 --dpi-desync=split2
+
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
 ```

 I could not make tpws work from ipfw. Looks like there's some conflict between two firewalls.
--- a/docs/bsd.txt
+++ b/docs/bsd.txt
@ -192,14 +192,20 @@ ipset скрипты работают, крон есть. Можно сдела

 kldload ipfw
 kldload ipdivert
+
+# for older pfsense versions. newer do not have these sysctls
 sysctl net.inet.ip.pfil.outbound=ipfw,pf
 sysctl net.inet.ip.pfil.inbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.outbound=ipfw,pf
 sysctl net.inet6.ip6.pfil.inbound=ipfw,pf
+
 ipfw delete 100
 ipfw add 100 divert 989 tcp from any to any 80,443 out not diverted not sockarg xmit em0
 pkill ^dvtws$
 dvtws --daemon --port 989 --dpi-desync=split2
+
+# required for newer pfsense versions (2.6.0 tested) to return ipfw to functional state
+pfctl -d ; pfctl -e
 -----------

 Что касается tpws, то видимо имеется некоторый конфликт двух фаерволов, и правила fwd в ipfw не работают.