Policy routing idea (Was: ipfw: Would it be possible to continue
processing rest of rules after match ?)
Ari Suutari
ari at suutari.iki.fi
Tue Jun 21 06:27:44 GMT 2005
Hi,
I sent this to ipfw mailing list some time ago, but
got no response. I would like to adjust ipfw behaviour
with fwd rules to make policy routing easier (ie. make
it separete from filtering rules). I would just like
some input if this makes any sense (or is possible at
all with current design).
>Currently the ipfw fwd rules work so that the packet
>is accepted when fwd rule matches.
>
>Would it be possible just tag the packet with
>information about next_hop and just continue processing the
>rules ? This would make complex rulesets with policy-based
>routing much simpler, since one could just have relevat
>fwd statments at beginning of rule sets and then
>filter the packets in usual way.
Ari S.
More information about the freebsd-net
mailing list