Getting kern/82724 (ipfw defaultroute/setnexthop) committed

Dmitry Pryanishnikov dmitry at atlantis.dp.ua
Thu Apr 20 12:59:36 UTC 2006


Hello!

On Thu, 20 Apr 2006, Ari Suutari wrote:
> I have now been running two firewalls with
> patch included in kern/82724 since the pr was
> created (since june, 2005). Works ok, not a single panic
> or other problem.

  I also think that both 'setnexthop' and 'defaultroute' are very useful
missing features. I'd even say that they are more significant omissions than
ignored "in/out/via any" (kern/95084). I'd like to see both of PRs committed.
It's really hard, e.g., to count and shape overall traffic via interface
if you're forwarding it there via several 'fwd' actions w/o having
'setnexthop'.

  I have just one question about 'setnexthop': does it actualize xmit interface
name? E.g., say packet was originally routed via interface ed0, but we've
forwarded it out via fxp0:

00100 fwd $fxp_gw all from $user to any out via ed0
00150 count all from any to any out via fxp0

Will our packet match 150th rule? I really hope so, otherwise it isn't so
useful as it could be. Haven't checked it myself, but from the quick look
over the patch I'm afraid it doesn't change xmit interface name.

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry at atlantis.dp.ua
nic-hdl: LYNX-RIPE

