Hello!

On Thu, 20 Apr 2006, Ari Suutari wrote:
> I have now been running two firewalls with
> patch included in kern/82724 since the PR was
> created (since June, 2005). Works ok, not a single panic
> or other problem.

I also think that both 'setnexthop' and 'defaultroute' are very useful
missing features. I'd even say that they are more significant omissions than
the ignored "in/out/via any" (kern/95084). I'd like to see both PRs committed.
It's really hard, e.g., to count and shape overall traffic via interface
if you're forwarding it there via several 'fwd' actions w/o having
'setnexthop'.

I have just one question about 'setnexthop': does it actualize the xmit interface
name? E.g., say packet was originally routed via interface ed0, but we've
forwarded it out via fxp0:

00100 fwd $fxp_gw all from $user to any out via ed0
00150 count all from any to any out via fxp0

Will our packet match the 150th rule? I really hope so, otherwise it isn't so
useful as it could be. Haven't checked it myself, but from the quick look
over the patch I'm afraid it doesn't change xmit interface name.

Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail:  [EMAIL PROTECTED]
nic-hdl: LYNX-RIPE