From owner-freebsd-bugs@FreeBSD.ORG Thu Nov 20 20:20:02 2008
Message-Id: <200811202010.mAKKAnxY003707@www.freebsd.org>
Date: Thu, 20 Nov 2008 20:10:49 GMT
From: Eugen Konkov
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: kern/129024: IPFW improvements

>Number: 129024
>Category: kern
>Synopsis: IPFW improvements
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 20 20:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Eugen Konkov
>Release: 7.1-BETA
>Organization: ISP Konkov
>Environment:
FreeBSD home.kes.net.ua 7.1-BETA FreeBSD 7.1-BETA #0: Sun Sep 7 13:49:18 UTC 2008 root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
divert port Divert packets that match this rule to the divert(4) socket bound - to port port. The search terminates. + to port port. The search terminates. however, + on exit from the pipe and if the sysctl(8) variable + net.inet.ip.fw.one_pass is not set, the packet is passed again to + the firewall code starting from the next rule. fwd | forward ipaddr | tablearg[,port] Change the next-hop on matching packets to ipaddr, which can be an IP address or a host name. The next hop can also be supplied by the last table looked up for the packet by using the tablearg keyword instead of an explicit address. The search terminates if - this rule matches. + this rule matches. however, + on exit from the pipe and if the sysctl(8) variable + net.inet.ip.fw.one_pass is not set, the packet is passed again to + the firewall code starting from the next rule.
-----------------
- addr: [not] {any | me | me6 | table(number[,value]) | addr-list | - addr-set} + addr: [not] {any | me | me6 | iface | table(number[,value]) | addr-list | + addr-set} any matches any IP address. - me matches any IP address configured on an interface in the system. + me matches any IP address configured on any interface in the system. me6 matches any IPv6 address configured on an interface in the sys- tem. The address list is evaluated at the time the packet is an- alysed. + iface where iface is interface on system. In this case + addresses configures only on this interface will match
------------------
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
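
Review bot: In the divert entry the added sentence says "on exit from the pipe", but this action hands the packet to a divert(4) socket and no pipe is involved, so the wording looks carried over from another action's description. Reword it in terms of the packet coming back from the divert socket, and confirm that net.inet.ip.fw.one_pass really controls where processing resumes for divert before documenting it. The sentence should also start with a capital ("However,") and needs reconciling with "The search terminates." immediately before it, which now reads as a contradiction.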
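
Review bot: In the fwd | forward entry the same "on exit from the pipe" sentence is appended after "The search terminates if this rule matches", yet nothing in this entry describes the packet leaving and re-entering the firewall, so the text now states both that the search ends and that it continues from the next rule. Either explain when a forwarded packet is passed back to the firewall code and how net.inet.ip.fw.one_pass applies to it, or drop the addition from this entry. Anyone ordering rules after a fwd rule needs to know unambiguously whether later rules still see the packet.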
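
Review bot: The new iface alternative in the addr grammar is described only as "where iface is interface on system", which leaves open how an interface name is told apart from the other address forms, whether it covers both IPv4 and IPv6 addresses, and whether the interface's addresses are evaluated when the packet is analysed (as the me6 text says) or when the rule is loaded. Suggested wording: "iface matches any IP address configured on the named interface", followed by a statement of the evaluation time. The patch shown here changes only the manual text, so it should also say whether the keyword is already supported or be accompanied by the code that implements it.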