Hi, All! I have written a small patch for a packets tagging with ipfw.
The description of OpenBSD packet tagging is here: http://www.openbsd.org/faq/pf/tagging.html An IPFW tags is not compatible with PF tags. This feature can be usable with some netgraph modules. We can create a netgraph node that marks packets with some tags and use this node with other nodes. IPFW can detect and filter packets with tags. Also we can mark packets before NAT and detect tagged packets after translation. NAT based on divert sockets do not allow this, but i think ng_nat can.. Patches can be found here: http://butcher.heavennet.ru/patches/kernel/ipfw_tags/ -- WBR, Andrey V. Elsukov _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
