[Snort-users] [OT]: Policy Routing

Fyodor fygrave at ...121...
Tue Mar 6 10:41:46 EST 2001


On Tue, Mar 06, 2001 at 01:48:51PM -0000, Avleen Vig wrote:
> Does anyone know if it's possible to do Source Address Based Policy Routing on FreeBSD
> without IPFW, or with IPF?

Your question sounds interesting 'without IPFW or with IPF'.. :) Should it read 'using IPF instead of IPFW'? :) 

You can probably do redirection based on the source IP address with IPF as well. Something like
this might work:

pass out proto tcp from your_source to your dest head 10
rdr <int> 0.0.0.0/0 port any -> your_redir_target port 12345 group 10

or something... (althrough source-address based policy routing is not what IPF
nor IPFW are supposed to do, you will probably want to have a look into routing
daemons or something)

Oh, and by the way, it is kinda off-topic here :)






More information about the Snort-users mailing list