From: Nikos Vassiliadis
To: Victor Sudakov, freebsd-questions@freebsd.org
Date: Tue, 07 Sep 2010 16:42:29 +0300
Subject: Re: ipfw fwd and ipfw allow

On 9/7/2010 2:00 PM, Victor Sudakov wrote:
> Nikos Vassiliadis wrote:
>>> Am I asking something unreasonable?
>>
>> Not really, but if you ask, one could say that IPFW is a "first
>> match wins" firewall, so a fwd or an allow action would be the
>> terminal one. You must design your rules accordingly.
>>
>> There is also the skipto action which can alter the way packets
>> flow through the rules.
>>
>> Could you describe in a concrete example what you're trying to
>> achieve?
>
> I want forwarded packets to create a dynamic "allow" rule.
>

You can combine fwd and keep-state. Could you be more specific?
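
As an added illustration (not code from this thread or from ipfw), the following simplified Python model shows the evaluation order discussed above: the first terminal match wins, skipto jumps forward, and a keep-state rule creates a dynamic entry whose later matches at check-state perform the parent rule's action, as the ipfw man page describes. The rule numbers, addresses and the `Ruleset` and `make_ruleset` names are constructed for the example.

```python
# Simplified model of ipfw rule evaluation; an added example, not ipfw's code.
# Assumptions: rules match on proto/src/dport only, dynamic rules never expire,
# and every address below is a constructed documentation value.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")
TERMINAL = {"allow", "deny", "fwd"}  # a match on one of these ends the search

def flow_key(p):
    # Dynamic rules are bidirectional: both directions share one key.
    return (p.proto, frozenset([(p.src, p.sport), (p.dst, p.dport)]))

class Ruleset:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r["num"])
        self.dynamic = {}  # flow key -> rule that created the state

    def evaluate(self, pkt):
        """Return (rule number, action, argument) of the deciding rule."""
        i = 0
        while i < len(self.rules):
            r = self.rules[i]
            if r["action"] == "check-state":
                parent = self.dynamic.get(flow_key(pkt))
                if parent:  # perform the action of the rule that made the state
                    return parent["num"], parent["action"], parent.get("arg")
            elif r["match"](pkt):
                if r.get("keep_state"):
                    self.dynamic[flow_key(pkt)] = r
                if r["action"] in TERMINAL:
                    return r["num"], r["action"], r.get("arg")
                if r["action"] == "skipto":  # resume at first rule numbered >= arg
                    nums = [x["num"] for x in self.rules]
                    i = max(i + 1, sum(n < r["arg"] for n in nums))
                    continue
            i += 1
        return 65535, "deny", None  # default rule, assuming a default-deny kernel

def make_ruleset():
    web = lambda p: p.proto == "tcp" and p.src.startswith("10.0.0.") and p.dport == 80
    return Ruleset([
        {"num": 100, "action": "check-state"},
        {"num": 150, "action": "skipto", "arg": 300, "match": lambda p: p.proto == "udp"},
        {"num": 200, "action": "fwd", "arg": "192.0.2.1", "match": web, "keep_state": True},
        {"num": 250, "action": "allow", "match": web},  # shadowed by rule 200
        {"num": 300, "action": "deny", "match": lambda p: True},
    ])
```

In this model the reply packet of a flow created by rule 200 is decided by the dynamic entry and receives the parent's fwd action, not a plain allow; without prior state the same reply falls through to the deny at rule 300.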