From owner-freebsd-net@FreeBSD.ORG Sun Nov 4 00:05:19 2007
From: .@babolo.ru
To: Brooks Davis
Cc: Max Laier, freebsd-net@freebsd.org, "Bruce M. Simpson", Julian Elischer, Matus Harvan
Date: Sat, 3 Nov 2007 22:59:14 +0300 (MSK)
Subject: Re: UDP catchall
In-Reply-To: <20071101150613.GA24803@lor.one-eyed-alien.net>
Message-Id: <1194119954.596539.98455.nullmailer@cicuta.babolo.ru>
List-Id: Networking and TCP/IP with FreeBSD

> On Wed, Oct 31, 2007 at 09:53:56AM -0700, Julian Elischer wrote:
> > It's possible using ipfw to mostly implement this, and with an upcoming
> > change, possible to completely implement this.
> >
> > the "uid" function of ipfw can act as a "does there exist a socket to which
> > this packet would go?" test.
> > and a variant of it called "for_me" that I am adding (we use it at work)
> > does this even better.
> >
> > so, basically,
> >
> > yyy: skipto xxx ip from any to-me
> > yyy+1: fwd 127.0.0.1,1234
> > xxx:
>
> One problem with this kind of implementation is that it's impossible to
> make it plug and play.

Just equip mtund with a script that configures a virgin OS in the proper way, and restrict it from doing that when there is some non-minimal configuration, for example when ipfw is not empty.

Your plug-and-play goal as written contradicts the BSD spirit IMHO.

Sorry for bad English.
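As an added example (not code from this thread, from ipfw or from mtund), Julian's rule sketch wrapped in the restriction babolo proposes: install it only when the ipfw ruleset is still virgin. Assumed: mtund listens on 127.0.0.1 port 1234 (the sketch's value), the stock default rule is numbered 65535, rule numbers 1000-1020 are free, and the `to-me` match is kept verbatim from the sketch as a stand-in for the socket-exists test Julian describes, not as a stock ipfw keyword.

```shell
#!/bin/sh
# Added example, not code from this thread or from mtund: Julian's sketch
# wrapped in the "only on a virgin ruleset" restriction babolo proposes.
# Assumptions: mtund listens on 127.0.0.1 port 1234 (sketch value), the
# stock default rule is number 65535, rule numbers 1000-1020 are free, and
# "to-me" is kept verbatim from the sketch (it stands for the socket-exists
# test Julian describes, not a stock ipfw keyword).

# True (exit 0) when the `ipfw list` text on stdin holds only the default rule.
# `ipfw list` prints one "NNNNN action ..." line per rule; any rule numbered
# below 65535 was added by somebody, so the box is not virgin.
ipfw_is_virgin() {
    ! awk '$1 + 0 < 65535 { found = 1 } END { exit !found }'
}

# Emit the sketch as `ipfw` subcommands, with the catchall port as parameter.
# 1000: a packet some local socket would accept skips past the redirect.
# 1010: any other UDP packet addressed to this host ("me" is the stock
#       keyword for a local address) is handed to the mtund catchall socket.
# 1020: landing rule (a no-op count) where normal processing resumes.
catchall_rules() {
    port=${1:-1234}
    printf '%s\n' \
        "add 1000 skipto 1020 ip from any to-me" \
        "add 1010 fwd 127.0.0.1,$port udp from any to me" \
        "add 1020 count ip from any to any"
}

# Install the rules, but refuse if the administrator already configured ipfw.
install_catchall() {
    if ! ipfw list | ipfw_is_virgin; then
        echo "ipfw already has rules; refusing to reconfigure it" >&2
        return 1
    fi
    catchall_rules "$1" | while read -r rule; do
        # word-splitting the rule into ipfw arguments is intended here
        ipfw $rule
    done
}
```

Run `install_catchall 1234` as root on the target host; on a box with any administrator-added rule it exits 1 without touching the ruleset.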