From owner-freebsd-net@FreeBSD.ORG  Wed Dec 15 10:52:05 2004
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A6BB16A4D0
	for <freebsd-net@freebsd.org>; Wed, 15 Dec 2004 10:52:05 +0000 (GMT)
Received: from c00l3r.networx.ch (c00l3r.networx.ch [62.48.2.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A625843D45
	for <freebsd-net@freebsd.org>; Wed, 15 Dec 2004 10:52:04 +0000 (GMT)
	(envelope-from andre@freebsd.org)
Received: (qmail 34631 invoked from network); 15 Dec 2004 10:40:47 -0000
Received: from unknown (HELO freebsd.org) ([62.48.0.53])
          (envelope-sender <andre@freebsd.org>)
          by c00l3r.networx.ch (qmail-ldap-1.03) with SMTP
          for <glebius@freebsd.org>; 15 Dec 2004 10:40:47 -0000
Message-ID: <41C01755.6E352422@freebsd.org>
Date: Wed, 15 Dec 2004 11:52:05 +0100
From: Andre Oppermann <andre@freebsd.org>
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Gleb Smirnoff <glebius@freebsd.org>
References: <20041213124051.GB32719@cell.sick.ru>
	<20041214015603.A75019@xorpc.icir.org> <20041214060341.A77720@xorpc.icir.org>
	<41BEF746.E8362858@freebsd.org> <20041214063118.B77933@xorpc.icir.org>
	<41BF07A3.8F1F505E@freebsd.org> <20041214181231.GA80817@scylla.towardex.com>
	<20041215084540.GB53509@cell.sick.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: Max Laier <max@love2party.net>
cc: Luigi Rizzo <rizzo@icir.org>
cc: James <james@towardex.com>
cc: freebsd-net@freebsd.org
Subject: Re: per-interface packet filters [summary]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Dec 2004 10:52:05 -0000

Gleb Smirnoff wrote:
> 
> On Tue, Dec 14, 2004 at 01:12:31PM -0500, James wrote:
> J> The way we have approached this in the past is to install /32 host routes
> J> for each interface addr's and respective subnet and broadcast /32 addresses
> J> into the kernel RIB, destined to lo0 interface. Place your per-interface
> J> filter on 'lo0' interface and packets destined to router iteslf will be
> J> subject to loopback filter before making it onto upper layer protocol.
> 
> I was thinking of this idea, too. So, it works?

Yes, it works.  It will work better when the ARP layer 2 information is
removed from the routing table.  This is expected to happen fairly soon
(early next year).

-- 
Andre