From owner-freebsd-net@FreeBSD.ORG  Thu May 13 02:11:38 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2F10C16A4CE; Thu, 13 May 2004 02:11:38 -0700 (PDT)
Received: from cell.sick.ru (cell.sick.ru [217.72.144.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B69ED43D5A; Thu, 13 May 2004 02:11:36 -0700 (PDT)
	(envelope-from glebius@cell.sick.ru)
Received: from cell.sick.ru (glebius@localhost [127.0.0.1])
	by cell.sick.ru (8.12.9/8.12.8) with ESMTP id i4D9BYvw031677
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Thu, 13 May 2004 13:11:35 +0400 (MSD)
	(envelope-from glebius@cell.sick.ru)
Received: (from glebius@localhost)
	by cell.sick.ru (8.12.9/8.12.6/Submit) id i4D9BYhw031676;
	Thu, 13 May 2004 13:11:34 +0400 (MSD)
Date: Thu, 13 May 2004 13:11:34 +0400
From: Gleb Smirnoff <glebius@cell.sick.ru>
To: Eugene Grosbein <eugen@kuzbass.ru>
Message-ID: <20040513091134.GA31609@cell.sick.ru>
References: <40A3393F.1391943E@kuzbass.ru>
	<20040513012344.A12373@xorpc.icir.org> <40A34082.F0182B31@kuzbass.ru>
	<20040513013717.A16394@xorpc.icir.org> <40A345F9.1460F5C4@kuzbass.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
In-Reply-To: <40A345F9.1460F5C4@kuzbass.ru>
User-Agent: Mutt/1.5.6i
cc: Luigi Rizzo <rizzo@icir.org>
cc: ipfw@freebsd.org
cc: net@freebsd.org
Subject: Re: ipfw: reset tcp
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 May 2004 09:11:38 -0000

On Thu, May 13, 2004 at 05:55:05PM +0800, Eugene Grosbein wrote:
E> Please make it possible (using sysctl or any other mean) to
E> disable M_SKIP_FIREWALL for such packets (I suppose 'unreach' rules
E> are affected too). I DO need to process ALL outgoing packets.
E> For exapmle, I must use 'ipfw fwd' (to implement policy routing)
E> for the packets with source IP like this.

Better idea is to separate policy routing decisions from packet
filter. However, implementing this is much more difficult, than
just removing one string from send_pkt().

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE