From owner-freebsd-hackers  Tue May  6 15:48:04 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id PAA10800
          for hackers-outgoing; Tue, 6 May 1997 15:48:04 -0700 (PDT)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA10744
          for <hackers@FreeBSD.ORG>; Tue, 6 May 1997 15:47:59 -0700 (PDT)
Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.7.3) id IAA26933; Wed, 7 May 1997 08:51:16 +1000 (EST)
Date: Wed, 7 May 1997 08:51:15 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Archie Cobbs <archie@whistle.com>
cc: hackers@FreeBSD.ORG
Subject: Re: divert still broken?
In-Reply-To: <199705061722.KAA16510@bubba.whistle.com>
Message-ID: <Pine.BSF.3.91.970507084130.4479r-100000@panda.hilink.com.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk



On Tue, 6 May 1997, Archie Cobbs wrote:

> Proposal:
> 
> 	deny			: drop silently (same as before)
> 	reject			: send ICMP unreachable (same as before)

[...good proposal snipped..]

Looks great.
 
> Anything else? :-)

Can't think of anything, offhand.  Other than splitting up the ipfw rule 
lists so there is a general list and a list per interface.  Having 
interface lists would speed up searching for rules.

Danny