From: Ari Suutari
Date: Tue, 21 Jun 2005 09:27:30 +0300
To: freebsd-net@freebsd.org
Subject: Policy routing idea (Was: ipfw: Would it be possible to continue processing rest of rules after match ?)
Message-ID: <42B7B352.8040806@suutari.iki.fi>

Hi,

I sent this to ipfw mailing list some time ago, but got no response.
I would like to adjust ipfw behaviour with fwd rules to make policy
routing easier (i.e. make it separate from filtering rules).
I would just like some input if this makes any sense
(or is possible at all with current design).

>Currently the ipfw fwd rules work so that the packet
>is accepted when fwd rule matches.
>
>Would it be possible to just tag the packet with
>information about next_hop and just continue processing the
>rules ? This would make complex rulesets with policy-based
>routing much simpler, since one could just have relevant
>fwd statements at beginning of rule sets and then
>filter the packets in usual way.

    Ari S.
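
The difference between the two behaviours, as an added example that is not part of the original message and is not ipfw code: a toy first-match evaluator in Python in which every rule, address and name is constructed. It shows that when fwd accepts on match, a deny rule placed after it is never reached for policy-routed traffic, while tagging next_hop and continuing still applies the filter; the default-deny fallthrough is an assumption of the model.

```python
# Toy model of first-match rule evaluation. Not ipfw code: every name,
# rule and address below is constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Packet:
    src: str
    dst_port: int
    next_hop: Optional[str] = None   # filled in by a matching fwd rule

@dataclass
class Rule:
    action: str                      # "fwd", "allow" or "deny"
    match: Callable[[Packet], bool]
    arg: Optional[str] = None        # next hop, used by "fwd" only

def evaluate(rules, pkt, fwd_continues):
    """Return (verdict, next_hop) for pkt.

    fwd_continues=False: fwd accepts the packet on match (behaviour the
    post describes). fwd_continues=True: fwd only records next_hop and
    evaluation goes on (the behaviour the post asks for)."""
    for rule in rules:
        if not rule.match(pkt):
            continue
        if rule.action == "fwd":
            pkt.next_hop = rule.arg
            if not fwd_continues:
                return ("allow", pkt.next_hop)
            continue
        if rule.action == "allow":
            return ("allow", pkt.next_hop)
        return ("deny", None)
    return ("deny", None)            # model assumption: default deny

# Constructed rule set: policy routing first, filtering afterwards.
RULES = [
    Rule("fwd", lambda p: p.src.startswith("10.0.1."), "192.0.2.1"),
    Rule("deny", lambda p: p.dst_port == 23),
    Rule("allow", lambda p: True),
]

def compare(src, dst_port):
    """Verdicts under (current, proposed) semantics for one packet."""
    return (evaluate(RULES, Packet(src, dst_port), False),
            evaluate(RULES, Packet(src, dst_port), True))

if __name__ == "__main__":
    for src, port in [("10.0.1.5", 23), ("10.0.1.5", 80), ("10.0.2.7", 23)]:
        print(src, port, compare(src, port))
```

With accept-on-match semantics, the filtering rules have to come before the fwd rules or be folded into the fwd match conditions, which is the coupling the message wants to remove.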