From owner-freebsd-ipfw@FreeBSD.ORG Fri Aug 1 09:33:52 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 41A9437B401 for ; Fri, 1 Aug 2003 09:33:52 -0700 (PDT) Received: from exchange.wan.no (exchange.wan.no [80.86.128.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id 45AB943FAF for ; Fri, 1 Aug 2003 09:33:51 -0700 (PDT) (envelope-from sten.daniel.sorsdal@wan.no) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable content-class: urn:content-classes:message X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0 Date: Fri, 1 Aug 2003 18:32:05 +0200 Message-ID: <0AF1BBDF1218F14E9B4CCE414744E70F1F3E28@exchange.wanglobal.net> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Suggestion regarding a new option for IPFW2 Thread-Index: AcNYRsp1rLRcBSBjSViDnHjeijH36wAA6BPQ From: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= To: "Michael Sierchio" cc: freebsd-ipfw@freebsd.org Subject: RE: Suggestion regarding a new option for IPFW2 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Aug 2003 16:33:52 -0000 > > I dont see how one could divert unreach host messages when unreach=20 > > host drops the message? > > It is the error messages generated by IPFW that i am referring to,=20 > > in case that was unclear. >=20 > You want the source of a an 'unreach' message to be rewritten > with the destination of the offending packet? So, a parameter > to 'unreach' or 'reset' which is an IP address, and could take > the keyword "dest" or something like that? >=20 > ipfw add unreach host-prohib ip from any to any auth=20 > src-alias 10.0.0.1 >=20 > or >=20 > ipfw add unreach host-prohib ip from any to any auth src-alias target >=20 Yes, like that. - Sten