[PATCH] iptables filter: FORWARD default change!
Rusty Russell
rusty@linuxcare.com.au
Thu, 27 Apr 2000 19:30:49 +0930
Linus, please apply v2.3.99-pre6.
This finally alters the FORWARD policy to ACCEPT (you can override it
if iptable_filter is a module with `forward=0'). People have
/proc/sys/net/ipv4/ip_forward to control forwarding, and this extra
trickiness just frustrated and confused people.
Rusty.
diff -urN --minimal --exclude *.lds --exclude *.ps --exclude *.pdf --exclude *.sgml --exclude *.tex --exclude *.aux --exclude *.log --exclude classlist.h --exclude devlist.h --exclude autoconf.h --exclude compile.h --exclude version.h --exclude .* --exclude *.[oa] --exclude *.orig --exclude config --exclude asm --exclude modules --exclude *.[Ss] --exclude System.map --exclude consolemap_deftbl.c --exclude *~ --exclude TAGS --exclude tags --exclude modversions.h --exclude install-kernel linux-2.3.99-pre-6-2-rusty/net/ipv4/netfilter/iptable_filter.c working/net/ipv4/netfilter/iptable_filter.c
--- linux-2.3.99-pre-6-2-rusty/net/ipv4/netfilter/iptable_filter.c Wed Apr 5 18:44:00 2000
+++ working/net/ipv4/netfilter/iptable_filter.c Thu Apr 27 11:48:47 2000
@@ -121,8 +122,8 @@
NF_IP_PRI_FILTER }
};
-/* Default to no forward for security reasons. */
-static int forward = NF_DROP;
+/* Default to forward because I got too much mail already. */
+static int forward = NF_ACCEPT;
MODULE_PARM(forward, "i");
static int __init init(void)
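Review bot: The replacement comment above `static int forward = NF_ACCEPT;` records why the default changed but not what the new default means for anyone reading the code later. With NF_ACCEPT as the FORWARD policy, the filter table no longer drops forwarded packets on its own, so on a host with no FORWARD rules loaded, /proc/sys/net/ipv4/ip_forward becomes the only control on forwarding. I'd suggest the comment say so and name `forward=0` as the way to get the old NF_DROP default back. The cover note says that override is available only when iptable_filter is built as a module, which is also worth stating next to `MODULE_PARM(forward, "i");`.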
--
Hacking time.