Hey guys,

I've found "/sbin/sysctl net.inet.ip.fw.one_pass=0" not to work on rules
that have the "in via IF" specified.

Replicated:
ipfw add 00082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 00082 count log ip from any to 60.234.68.88/29 out via em1

ipfw add 01082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 01082 count log ip from any to 60.234.68.88/29 out via em1

Rule 82 picks up traffic but rule 1082 gets none.

It works fine if I use:
ipfw add 00082 count ip from any to 60.234.68.88/29 in
ipfw add 00082 count ip from 60.234.68.88/29 to any out

ipfw add 01082 count ip from any to 60.234.68.88/29 in
ipfw add 01082 count ip from 60.234.68.88/29 to any out

However I need to specify an interface (em1) as I'll be adding a FWD rule to
a transparent proxy and want it to count the traffic to the proxy too.

Any ideas?

Cheers
Barry


_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
