From owner-freebsd-ipfw@freebsd.org  Wed Jun  8 09:28:13 2016
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7355CB6F31B
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Wed,  8 Jun 2016 09:28:13 +0000 (UTC) (envelope-from crest@rlwinm.de)
Received: from smtp.rlwinm.de (smtp.rlwinm.de [IPv6:2a01:4f8:201:31ef::e])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 3F5EF1655
 for <freebsd-ipfw@freebsd.org>; Wed,  8 Jun 2016 09:28:13 +0000 (UTC)
 (envelope-from crest@rlwinm.de)
Received: from vader9.bultmann.eu (unknown [87.253.189.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by smtp.rlwinm.de (Postfix) with ESMTPSA id D115F1E03
 for <freebsd-ipfw@freebsd.org>; Wed,  8 Jun 2016 11:28:10 +0200 (CEST)
Subject: Re: IPFW: more "orthogonal? state operations, push into 11?
To: freebsd-ipfw@freebsd.org
References: <9229d4f7-8466-57b0-c954-117736102bd7@FreeBSD.org>
 <5755F0D3.9060909@FreeBSD.org>
 <1465278589.404683707.3wv9pnhq@frv34.fwdcdn.com>
 <57567F14.1040201@FreeBSD.org>
From: Jan Bramkamp <crest@rlwinm.de>
Message-ID: <a7c03f27-6f8e-081f-6814-beafc2e9db7e@rlwinm.de>
Date: Wed, 8 Jun 2016 11:28:09 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.1.1
MIME-Version: 1.0
In-Reply-To: <57567F14.1040201@FreeBSD.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jun 2016 09:28:13 -0000

On 07/06/16 10:00, Andrey V. Elsukov wrote:
> On 07.06.16 09:31, wishmaster wrote:
>>> With the following patch you will be able create two different states, I
>>> think, and solve your task with NAT and dynamic rules:
>>> https://reviews.freebsd.org/D6674
>>
>> Will there be the patch in the 11-RELEASE?
>
> Hi,
>
> there are three patches for ipfw, that I want to commit:
> 	https://reviews.freebsd.org/D6420
> 	https://reviews.freebsd.org/D6434
> 	https://reviews.freebsd.org/D6674
>
> But we are in code slush and there aren't any positive review yet. So, I
> guess they will be committed only after 11.0 would be branched.

To bad. Those all look very useful and and together would enable me to 
use my FreeBSD jail hosts for all packet filtering instead of running 
the traffic through a OpenBSD bhyve guest on each jail host.