Subject: Re: loopback routes
To: None <itojun@iijlab.net>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 05/06/2000 00:29:59
>>>>> I still do not understand your goal... anyway,
>>>>sorry, i didn't really go into that yet. i wanted to create a "null"
>>>>network interface, similar to that which one might find on a cisco.
>>>>useful for blackhole routing, ipfiltering (yes, really!), etc.
>>> for example, is this insufficient for your goal?
>>> # route add -inet 10.0.0.0 127.0.0.1 -reject
>>okay, that'll blackhole the packets, but i wanna sniff 'em.
>
> this is possible.
> # ifconfig lo0 127.0.0.1
> # ifconfig lo1 127.0.0.1
> # route add -inet 10.0.0.0 -netmask 0xff000000 127.0.0.1 -reject
> # route change -inet 10.0.0.0 -netmask 0xff000000 -ifp lo1
> # tcpdump -n -i lo1 &
> # ping -n 10.0.0.1
i was thinking more along the lines of:
# ipf -Fa -f -
...
(rules rules rules until i get to my catch all at the bottom)
...
pass in quick all on ex0 to lo1 from any to any
and then start "tcpdump -w/var/log/blocked -s2000 -ilo1" from rc.d so
that i can examine the packets later. tcpdump's syntax for dealing
with packets is far superior to ipmon's output and grep.
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
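An added example, not part of the thread's own commands: a small POSIX sh helper that generalizes the lo1 blackhole-and-sniff setup above from the single 10.0.0.0/8 case to any CIDR prefix, deriving the hex netmask that the route(8) invocation expects. It assumes a BSD-style route(8) and an lo1 interface that already exists and carries 127.0.0.1; the functions only print the commands, so applying them as root is a separate step.

```shell
# Added example (not from the thread). Generates the route(8) commands that
# divert a blackholed prefix onto a second loopback (lo1) so tcpdump on that
# interface sees the rejected traffic. Assumes BSD route(8) semantics and an
# lo1 interface already configured with 127.0.0.1 (hypothetical setup).

# cidr_to_hexmask LEN -> hex netmask as route(8) takes it, e.g. 8 -> 0xff000000
cidr_to_hexmask() {
    len=$1
    case $len in
        ''|*[!0-9]*) echo "bad prefix length: $len" >&2; return 1 ;;
    esac
    if [ "$len" -gt 32 ]; then
        echo "bad prefix length: $len" >&2
        return 1
    fi
    # all-ones minus the host bits: (2^(32-len) - 1) cleared from 0xffffffff
    mask=$(( 0xffffffff - ((1 << (32 - len)) - 1) ))
    printf '0x%08x\n' "$mask"
}

# blackhole_cmds PREFIX/LEN [SNIFF_IF] -> the two route(8) lines from the thread:
# first a reject route via 127.0.0.1, then rebinding it to the sniffable interface
blackhole_cmds() {
    case $1 in
        */*) ;;
        *) echo "expected PREFIX/LEN, got: $1" >&2; return 1 ;;
    esac
    net=${1%/*}
    len=${1#*/}
    ifp=${2:-lo1}
    mask=$(cidr_to_hexmask "$len") || return 1
    echo "route add -inet $net -netmask $mask 127.0.0.1 -reject"
    echo "route change -inet $net -netmask $mask -ifp $ifp"
}

# sniff_cmd [SNIFF_IF] [FILE] -> capture command to start from rc.d, as above
sniff_cmd() {
    echo "tcpdump -n -i ${1:-lo1} -s 2000 -w ${2:-/var/log/blocked}"
}

# Usage (as root, on the assumed BSD host):
#   blackhole_cmds 10.0.0.0/8 lo1 | sh
#   sniff_cmd lo1 /var/log/blocked | sh
```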