On Tue, 16 Mar 2010, Stuart Henderson wrote:
>On 2010-03-16, Stuart Henderson <[email protected]> wrote:
>> On 2010-03-16, Dave Anderson <[email protected]> wrote:
>>> I do notice that 4.7 has a new divert-to-userland ability that looks
>>> like it could be used to solve this problem properly
>>
>> I think the proxy code involved with this would be considerably
>> more complicated than the current method (even taking into
>> account that PF can defragment)..
>
>...divert-to (added in 4.4) should be simpler though.

I'd missed that one. But can it intercept outbound packets on the
egress interface? divert-packet is documented as doing so, which is the
feature that caught my eye -- that allows capturing in one spot all FTP
traffic from on or behind the firewall system.

Dave
--
Dave Anderson
<[email protected]>