Hi,
I was reading through an interview of pf developers[*], where Mike
Frantzen commented that
<quote>
There are already two ways to emulate Linux's DIVERT sockets and turn
an IDS into an IPS (Intrusion Prevention System). One could use PF to
route the packets to a tunnel device and read them there.
</quote>
Can some one elaborate on how this works? I could not find any other
mention of this technique anywhere else.
Thanks and regards,
raj
[*] http://www.onlamp.com/pub/a/bsd/2004/05/06/pf_developers.html?page=4