[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DIVERT sockets



Steven Chamberlain <steven@pyro.eu.org> writes:
> On 29/08/14 03:31, Christoph Egger wrote:
>> Fails (returns -1) with "Protocol not supported" on kFreeBSD. Is that
>> intentional? Easy to fix? Noone knows and I should dig in it? Still
>> trying to figure out tcpcrypt
>
> It seems to be trying to add a ipfw DIVERT rule to intercept TCP
> connections.  Probably there is some equivalent way of doing this with PF?

It does the ipfw magic by means of comandline first as far as I can tell
and then plugs this in the ports. I have a working /sbin/ipfw for that
fwiw.

> Reminds me of how a transparent Squid proxy is configured - that too can
> be done with ipfw or PF.

Thanks for the pointer! I was already wondering how I can steal code to
do that using pf, will look for squid proxy stuff now!

  Christoph

Attachment: pgppFzRY7oIDX.pgp
Description: PGP signature


Reply to: