On Wed, Mar 24, 2010 at 09:08:48PM -0400, Geoff wrote:
> I'm trying to set up spamd on my firewall system.
>
> The configuration is tricky because my upstream provider
> (Verizon) only gives me 5 IPs, all on the same subnet.
>
> The firewall system is acting as a bridge and as a router.
I've been looking through pf.c, if_bridge.c in -current
The changes seem to answer some of my complaints.
I'm going to have to update & run some tests...
I hope all of the team's effort has made this much, much better.
There's one set of tests at lines 5770-5773 of net/pf.c:
kif->pfik_bytes[0][dir == PF_OUT][action != PF_PASS] += pd.tot_len;
kif->pfik_packets[0][dir == PF_OUT][action != PF_PASS]++;
if (action == PF_PASS || r->action == PF_DROP) {
Where I wonder if the tests for PF_PASS should also
include PF_DIVERT? It looks like PF_DIVERT packets would
be incorrectly accounted for in the two single
lines and completely missed in the large block.
thanks
geoff
