From owner-cvs-all  Tue Feb 13 16: 0:39 2001
Delivered-To: cvs-all@freebsd.org
Received: from tao.org.uk (genesis.tao.org.uk [194.242.131.94])
	by hub.freebsd.org (Postfix) with ESMTP
	id C299437B4EC; Tue, 13 Feb 2001 16:00:22 -0800 (PST)
Received: by tao.org.uk (Postfix, from userid 100)
	id 9D62731BB; Wed, 14 Feb 2001 00:00:20 +0000 (GMT)
Date: Wed, 14 Feb 2001 00:00:20 +0000
From: Josef Karthauser <joe@tao.org.uk>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: Luigi Rizzo <rizzo@aciri.org>, imp@harmony.village.org,
	cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c
Message-ID: <20010214000020.B2265@tao.org.uk>
References: <200102131841.f1DIfEJ31419@iguana.aciri.org> <52786.982090097@critter>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="CdrF4e02JqNVZeln"
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <52786.982090097@critter>; from phk@critter.freebsd.dk on Tue, Feb 13, 2001 at 07:48:17PM +0100
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--CdrF4e02JqNVZeln
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 13, 2001 at 07:48:17PM +0100, Poul-Henning Kamp wrote:
> >
> >does what i wanted. So you can jump to your "forwarding list"
> >with a rule like
> >
> >	ipfw add skipto 10000 ip from any to any out recv any
> >
> >and have code your access-list 10000 as your forwarding ruleset.
>=20
> I still think having separate lists, with well defined insert
> points would make it a lot easier for people.
>=20
> I generally meet a lot of people who have trouble with the
> fact that a forwarded packet gets filteret twice...

=2E.. and how does ipfw interact with packets received via IPSec?  Is
it different between transport and tunnel modes?  What if ipenc (gif)
traffic is tunnelled.  Do we get all three goes through the ipfw rules?
(the ESP packet, the IPENC packet, and the encapsulated packet).

Separate lists would help to clarify these also.

Joe

--CdrF4e02JqNVZeln
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjqJypQACgkQXVIcjOaxUBbGjACeK5LSei4c3BVt3neRWLrUuiVR
jAMAniHo4sVqsb5JIucpf9P/+NF98aLu
=sUwo
-----END PGP SIGNATURE-----

--CdrF4e02JqNVZeln--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message