Suggestion regarding a new option for IPFW2
Sten Daniel Sørsdal
sten.daniel.sorsdal at wan.no
Fri Aug 1 09:33:52 PDT 2003
> > I dont see how one could divert unreach host messages when unreach
> > host drops the message?
> > It is the error messages generated by IPFW that i am referring to,
> > in case that was unclear.
>
> You want the source of a an 'unreach' message to be rewritten
> with the destination of the offending packet? So, a parameter
> to 'unreach' or 'reset' which is an IP address, and could take
> the keyword "dest" or something like that?
>
> ipfw add unreach host-prohib ip from any to any auth
> src-alias 10.0.0.1
>
> or
>
> ipfw add unreach host-prohib ip from any to any auth src-alias target
>
Yes, like that.
- Sten
More information about the freebsd-ipfw
mailing list