Hi Luigi,

> yes but it is a different action and you may want both types
> of rules in the same ruleset, so a sysctl is out of discussion.
> I really believe the "setnexthop" action is the best approach.

IMHO, making the "fwd" action non-terminal (as the "count" action) is the best way to achieve this. When net.inet.ip.fw.one_pass is set to 1, then it will behave as it currently does. When set to 0, the user will have to explicitly use an "accept" or a "skipto" rule to stop going through the rules, in the same way you would do it for a "pipe" action.

However, the main problem with this approach is that it breaks POLA.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net