Suggestion regarding a new option for IPFW2
Michael Sierchio
kudzu at tenebras.com
Fri Aug 1 09:07:39 PDT 2003
Sten Daniel Sørsdal wrote:
> I dont see how one could divert unreach host messages when unreach
> host drops the message?
> It is the error messages generated by IPFW that i am referring to,
> in case that was unclear.
You want the source of a an 'unreach' message to be rewritten
with the destination of the offending packet? So, a parameter
to 'unreach' or 'reset' which is an IP address, and could take
the keyword "dest" or something like that?
ipfw add unreach host-prohib ip from any to any auth src-alias 10.0.0.1
or
ipfw add unreach host-prohib ip from any to any auth src-alias target
More information about the freebsd-ipfw
mailing list