On Wednesday 03 August 2005 06:11, Luigi Rizzo wrote:
> there are internally generated packets which do not have
> a rcvif (which is what really 'recv' means);
> and any packet in the input path does not have an output-if
> (which is what really 'xmit' means).
>
well, means that any rule using IF here is not catching anything and you get them as with src-ip and dst-ip only, unless you really can say "not recv any" or isn't this "not in"?

nb# ipfw add pass proto ip not in
65500 allow ip from any to any out

practically correct? or only logical?

anyway, looking at the initial rule and what you said a msg before:

# ipfw add pass ip from $A to $N out not recv any xmit xl0
00900 allow ip from $A to $N out xmit xl0

"out xmit IF" isn't this kind of unnecessary double-check and ipfw should not accept it? what matches first here, out or xmit?

And look what I get:

nb# ipfw add pass proto ip src-ip $A dst-ip $N out not in xmit dc0
65500 allow ip from any to any src-ip $A dst-ip $N out out xmit dc0

Hans

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw