Nasser Heidari


FreeBSD Policy Routing

Filed under: freebsd — Nasser Heidari @ 14:22

Policy routing is the art of deviating from the destination-based, shortest-path routing decisions made by dynamic routing protocols. It considers aspects such as source/destination address, ports, protocol, type of service (ToS), and entry interface; do not confuse it with a routing policy or with traffic policing. Traffic policing and shaping are sometimes summarized as traffic conditioning. Linux offers by far the most evolved policy routing approach of all Unices via multiple routing tables, the Routing Policy Database (RPDB), and the iproute2 (ip and tc) package for administration. Most other UNIX systems implement policy routing via firewall marks and packet-mangling hooks.
Policy-routing setup on BSD platforms is pretty straightforward, limited, and essentially integrated into the firewall architecture. Firewalling, NAT, and policy enforcement are all done by basically the same “packet-mangling” structures.

# pass out quick on bge0 to bge1: from to any
# pass out log quick on bge0 route-to le0: proto icmp from le0 to any
# pass out log quick on bge0 proto icmp from any to any
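
The rules above have lost their addresses, so here is an added pf.conf fragment (not from the original post) showing the same kind of source-based `route-to` policy in pf's parenthesised `(interface gateway)` form. It assumes bge0 and le0 are two uplinks; the gateway addresses are documentation-range placeholders and the macro names are made up for the example.

```conf
# /etc/pf.conf fragment -- added example, addresses are placeholders.
# Assumption: bge0 and le0 are two uplinks, each with its own next hop.
if_a = "bge0"
if_b = "le0"
gw_a = "192.0.2.1"       # placeholder next hop reachable through bge0
gw_b = "198.51.100.1"    # placeholder next hop reachable through le0

# The routing table chose bge0 (destination-based decision), but the
# packet carries le0's source address. Override the decision and hand
# the packet to le0's gateway so it leaves on the matching uplink.
pass out log quick on $if_a route-to ($if_b $gw_b) \
    proto icmp from $if_b to any keep state

# Mirror rule for traffic sourced from bge0 that was routed out le0.
pass out log quick on $if_b route-to ($if_a $gw_a) \
    proto icmp from $if_a to any keep state

# Remaining ICMP leaving bge0 follows the normal routing table.
# "quick" stops rule evaluation at the first match, so the route-to
# rules must come before this one or they are never reached.
pass out log quick on $if_a proto icmp from any to any keep state
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which catches syntax errors before the policy goes live. Because every rule here is `quick`, any stricter filter rule placed after them will not be evaluated for matching packets.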

Original Document:

