从IP地址A.A.A.A到另一个地址B.B.B.B的下一条路由地址C.C.C.C
linux下有ip route2 实现 ;在openbsd下应该这样实现
?pass out log on em0 route-to (em0 C.C.C.C) inet from A.A.A.A to B.B.B.B flags S/SA keep state
即可.
? If a packet matches a rule with a route option set, the packet filter
will route the packet according to the type of route option.? When such a
rule creates state, the route option is also applied to all packets
matching the same connection.
fastroute
The fastroute option does a normal route lookup to find the next
hop for the packet.
route-to
The route-to option routes the packet to the specified interface
with an optional address for the next hop.? When a route-to rule
creates state, only packets that pass in the same direction as the
filter rule specifies will be routed in this way.? Packets passing
in the opposite direction (replies) are not affected and are routed
normally.
reply-to
The reply-to option is similar to route-to, but routes packets that
pass in the opposite direction (replies) to the specified inter-
face.? Opposite direction is only defined in the context of a state
entry, and reply-to is useful only in rules that create state.? It
can be used on systems with multiple external connections to route
all outgoing packets of a connection through the interface the in-
coming connection arrived through (symmetric routing enforcement).
dup-to
The dup-to option creates a duplicate of the packet and routes it
like route-to.? The original packet gets routed as it normally
would.
转载请注明:Kermit的网站 » openbsd下策略路由的实现