Subject: Re: Non-IPSec Processing Point for ipf
To: Andreas Öman <andreas@packetfront.com>
From: Iain Hibbert <plunky@rya-online.net>
List: tech-net
Date: 04/23/2003 22:31:46
On Wed, 23 Apr 2003, Andreas Öman wrote:

> Bill Studenmund wrote:
>
> >>Here, there are a number of filter points:
> >>
> >>  I/W: input, wire side of IPsec
> >>  I/H: input, host side of IPsec
> >>  I/F: input, before forwarding
> >>  I/host: input, before delivery to host via a pcb
> >
> > Add NAT to that too. :-)
>
> Another thing, I would like to see a way to add ip-filters to a socket.

I hate to bust in on a discussion that I don't really understand (I use PPP
and that's it :) maybe netgraph is the way to implement all this?  I must
admit my reading was superficial at best, but it sounded flexible enough
for you to specify how data flows through your system, so I guess you
could add filters to just about anything in any order you chose?

iain