From: Chris
Date: Thu, 13 Mar 2008 07:16:17 -0700
To: freebsd-net@freebsd.org
Subject: IPFW, DIVERT, and if_bridge

Hello,

I posted a similar message to Questions but received no answer so I'm reposting a paraphrase here to see if anyone knows.

I built FreeBSD 7.0 with options DIVERT and if_bridge to see if I could make snort_inline work with the bridging firewall I'm building. I found that the divert would not direct packets to snort_inline which sounded a little like the experiences people had when they tried to do this with the pre-6.x bridge. Is it still not possible to use divert with if_bridge?

Here is what I'm seeing in ipfw.

    65000 48 7382 count ip from any to any
    65001  0    0 divert 8300 ip from any to any
    65010 48 7382 allow ip from any to any

Thank you,
Chris Pratt