Policy routing is the art of deviating from destination-based shortest-path routing decisions of dynamic routing protocols. Policy routing considers aspects such as source/destination address, ports, protocol, type of service (ToS), and entry interfaces; do not confuse it with a routing policy or traffic policing. Traffic policing and shaping are sometimes summarized as traffic conditioning. Linux offers by far the most evolved policy routing approach of all Unices via multiple routing tables, the Routing Policy Database (RPDB), and the iproute2 (ip and tc) package for administration. Most other UNIX implementations implement policy routing via firewall marks and packet-mangling hooks.
Policy-routing setup on BSD platforms is pretty straightforward, limited, and essentially integrated into firewall architectures . Firewalling, NAT, and policy enforcement are done by basically the same “packet-mangling” structures.
# pass out quick on bge0 to bge1:192.168.1.1 from 172.16.1.200 to any # pass out log quick on bge0 route-to le0:192.168.1.1 proto icmp from le0 to any # pass out log quick on bge0 proto icmp from any to any
Original Document: etutorials.org