Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)

Ari Suutari ari at suutari.iki.fi
Thu Jun 23 05:28:58 GMT 2005


Luigi Rizzo wrote:
> I really believe the "setnexthop" action is the best approach.

I'll start implementing this approach today if other work permits.
I think I'll also add a new rule option "defaultroute" which matches if
the packet destination has no specific route in the routing table. That
would make it very easy to, for example, route general web-surfing to
a secondary ADSL line, just say:

ipfw setnexthop g2.g2.g2.g2 tcp from any to any defaultroute

(well, in real life one would probably need NAT here, but that
could be done in a similar manner)

	Ari S.
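
The following is an added example, not code from the message or from ipfw: a small Python model of the match semantics described above, where "defaultroute" is true only when the longest-prefix match for the destination is the zero-length default route. The routing table, the gateway addresses (documentation ranges, with 203.0.113.1 standing in for g2.g2.g2.g2) and the function names are constructed, and treating a destination with no route at all as a non-match is an assumption.

```python
import ipaddress

# Constructed routing table: (prefix, next hop).
ROUTES = [
    ("0.0.0.0/0", "192.0.2.1"),        # default route via the primary line
    ("10.0.0.0/8", "192.0.2.254"),     # specific route to internal networks
    ("198.51.100.0/24", "192.0.2.1"),  # specific route that reuses the primary gateway
]
SECONDARY_GW = "203.0.113.1"  # placeholder for g2.g2.g2.g2 in the message


def lookup(dst, routes=ROUTES):
    """Longest-prefix match; returns (network, next_hop) or None if unrouted."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def matches_defaultroute(dst, routes=ROUTES):
    """True only when the best match is the /0 default route.

    Assumption: a destination with no route at all does not match.
    """
    best = lookup(dst, routes)
    return best is not None and best[0].prefixlen == 0


def next_hop(proto, dst, routes=ROUTES):
    """Model of: setnexthop <gw> tcp from any to any defaultroute."""
    if proto == "tcp" and matches_defaultroute(dst, routes):
        return SECONDARY_GW          # policy rule overrides the routing table
    best = lookup(dst, routes)
    return best[1] if best else None  # otherwise the routing table decides


if __name__ == "__main__":
    for proto, dst in [("tcp", "8.8.8.8"), ("udp", "8.8.8.8"),
                       ("tcp", "10.1.2.3"), ("tcp", "198.51.100.7")]:
        print(proto, dst, "->", next_hop(proto, dst))
```

The 198.51.100.0/24 entry shows that the match depends on the matching prefix, not on the gateway: traffic to it stays on the primary line even though its next hop is the same as the default route's.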

