From owner-freebsd-ipfw@FreeBSD.ORG  Mon Mar 24 00:14:38 2014
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 023DB5CF
 for <ipfw@freebsd.org>; Mon, 24 Mar 2014 00:14:38 +0000 (UTC)
Received: from mail-oa0-f52.google.com (mail-oa0-f52.google.com
 [209.85.219.52])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id BBBDB7EC
 for <ipfw@freebsd.org>; Mon, 24 Mar 2014 00:14:37 +0000 (UTC)
Received: by mail-oa0-f52.google.com with SMTP id l6so5031844oag.39
 for <ipfw@freebsd.org>; Sun, 23 Mar 2014 17:14:31 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:in-reply-to:references:date
 :message-id:subject:from:to:content-type;
 bh=2+uMSV1QbmXiyPIuLARnFBRrMcinkiTtDlHzy4q+9Js=;
 b=Sox8rnYR01jLs8okHKnUYCNdGRHfEbI2rpwPPEq1xpCgZMBkHWHqlRdSp6e7Yfj/1C
 UtwPevsx7vTWsNoTFnKzKJY6Bcog6H1Ped8ufsVO855o+L4Tb2qncVP+ecgPXBcpoSB/
 Xougl07dRvF0fsW45+Mmb+3uRYx2S/vur4teMqcceWqea6hIKxdOGFZE6GpLJqOonQ70
 qXYnk/bDFpihGJ249EiF30weinWfWr0s/Q3Ze/C1l56uk5sFHHIF41SFTPfaxCNCcsIq
 VgzihPC5fY5rdEE7pGleVZ0PgfTMR3ILyTaXAcS4NLaYYhjDEXcSMGXT9f45WDeRxCug
 IwKw==
X-Gm-Message-State: ALoCoQmxJ0wdQVPoZLBnzp0nRjLpMM593KmyE5u+AWdbCkDN0CijQX7EJ2fGDg0vRJGJ5n75Hwh+
MIME-Version: 1.0
X-Received: by 10.60.232.105 with SMTP id tn9mr53590208oec.11.1395620071619;
 Sun, 23 Mar 2014 17:14:31 -0700 (PDT)
Received: by 10.60.17.33 with HTTP; Sun, 23 Mar 2014 17:14:31 -0700 (PDT)
In-Reply-To: <532F6EBF.9000802@freebsd.org>
References: <51546.1395432085@server1.tristatelogic.com>
 <20140322182402.Q83569@sola.nimnet.asn.au>
 <201403221454.IAA22021@mail.lariat.net>
 <20140322151155.184d5229@gumby.homeunix.com>
 <532E723C.2090109@freebsd.org> <532E7398.5090607@freebsd.org>
 <20140324000439.F87212@sola.nimnet.asn.au>
 <532EF401.80506@freebsd.org>
 <CAHu1Y726yvC7isq4mxKMWsot2MSt=QOe0Q8SPf9aCf3m_RAB3w@mail.gmail.com>
 <532F6EBF.9000802@freebsd.org>
Date: Sun, 23 Mar 2014 17:14:31 -0700
Message-ID: <CAHu1Y72ZF3-Tk5Nf_yJ7QgsGMzs0MFz+yi2SzNAj1tLYwbD4jA@mail.gmail.com>
Subject: Re: ipfw dynamic rules
From: Michael Sierchio <kudzu@tenebras.com>
To: "freebsd-ipfw@freebsd.org" <ipfw@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Mar 2014 00:14:38 -0000

On Sun, Mar 23, 2014 at 4:31 PM, Julian Elischer <julian@freebsd.org> wrote:

> but disabled rules still have a cost I believe as hey still need to be
> traversed,
> unless someone has been very smart..

This I did not know. I don't have many, but it's a small
disappointment, if true.

> It's a pitty that you need to do policy based routing only on input,
> as output packets are already past their routing decision.
> The 'fwd' rule can however sometimes be used later.

Agreed.