----- ipfw add 100 divert 7777 tcp from any to any via em0ipfw add 101 divert 7777 udp from any to any via em0 ipfw add 500 allow altq root_em0 ip from any to any via em0 ipfw add 1010 modip dscp:AF11 ip from any to any out divertedipfw add 1020 allow altq ftp ip from any to any out diverted 65535 deny ip from any to any-----
with the above ipfw rules, expect it would: 1) tcp, udp traffic divert to ipfw-classifyd, other traffic goes through altq root_em0 in matching rule 500 2) ipfw-classifyd reinject diverted traffic to match rule 1010, 1020 reading ipfw-classifyd divert socket sendto() with packet sin_port set to flow->if_fwrule (ftp == 1000 for instance), was expecting ipfw would continue with next rule which is 1010 in above. But ipfw seems to have continue with matching rule 500. wonder am i missing something ...? _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[email protected]"
