Neil Moore-Smith wrote:
> 
> This is obviously a stupid question to the cognoscenti, but what do the
> "input" and "output" firewall options on the ipfwadm command actually, or
> are meant to be used for?
> 
> I have an LRP firewall set up with machine "A" on the internal network
> side. With no firewalling (i.e. accept all) I can ping it, read its web
> pages etc. from the external side. I can then use ipfwadm -F to block http
> (for example) from a specific external host. This works fine. If I then
> reinstate forwarding and use ipfwadm -I with similar parameters, I get the
> same result. So what's the difference between F, I, and O? Is F simply a
> combination of I and O for ease of use?

Almost true if you only have 2 "real" network interfaces (omitting
the loopback), but the difference will become more obvious
if you have _more_ than 2 "real" network interfaces, where
you need to filter certain types of packets using different sets
of rules...

eg:

 Input NetA ----> eth0 ----> Forward? ---> eth1/ppp0 Output
 Input NetB ----> eth1 ----> Forward? ---> eth0/ppp0 Output
 Input NetC ----> ppp0 ----> Forward? ---> eth0/eth1 Output
 

-- 
+---| Netscape Communicator 4.x |---| Powered by Linux 2.1.x |---+
|/v\ Agus Budy Wuysang                   MIS Department          |
| |  Phone:  +62-21-344-1316 ext 317     GSM: +62-816-1972-051   |
+--------| http://www.rad.net.id/users/personal/s/supes |--------+
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCS/IT dx s: a- C+++ UL++++$ P- L+++(++++) E--- W++ N+++ o? K? w-- O-
M- V-- PS+ PE Y-- PGP t+@ 5 X+ R- tv- b+ DI? D++(+) G e++ h* r+ y++
------END GEEK CODE BLOCK------
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
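To make the three chains concrete, here is an added example (not code from either poster) that models the Linux 2.0 ipfwadm packet path the diagram above sketches: a packet received on an interface passes the input chain (-I); if it is addressed to the firewall itself it is delivered locally, otherwise it passes the forwarding chain (-F) and then the output chain (-O) on the interface it leaves by; packets the firewall generates itself only pass the output chain. The -W interface option is taken as ipfwadm(8) defines it: the receiving interface for input rules, the sending interface for forwarding and output rules. The interface names, addresses (192.168.1.0/24 on eth0, 192.168.2.0/24 on eth1, 203.0.113.1 on ppp0) and the external host 198.51.100.9 are constructed for the example. The functions show why -I and -F look identical on a two-interface box when only forwarded traffic is tested, and where they differ: a -F rule never sees packets addressed to the firewall itself, a -I rule never sees packets the firewall generates, and with three interfaces a -F rule can be scoped to one outgoing interface while a -I rule on ppp0 covers both internal networks at once.

```python
# Model of the Linux 2.0 / ipfwadm chain traversal. Added illustration, not the
# original post's code; ipfwadm semantics are modelled, not executed.
from dataclasses import dataclass, field
from typing import Optional

# Constructed topology: firewall addresses per interface and a static routing table.
FW_ADDRS = {"eth0": "192.168.1.1", "eth1": "192.168.2.1", "ppp0": "203.0.113.1"}
ROUTES = {"192.168.1.": "eth0", "192.168.2.": "eth1"}   # anything else leaves via ppp0
EXTERNAL_HOST = "198.51.100.9"                           # constructed external client


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    in_if: Optional[str]        # None for packets generated by the firewall itself


@dataclass
class Rule:
    # Mirrors the ipfwadm options used: -S (source prefix), destination port,
    # -W (interface) and the rule policy (-a accept / -a deny).
    policy: str                 # "accept" or "deny"
    src: Optional[str] = None   # matched as an address prefix
    dport: Optional[int] = None
    iface: Optional[str] = None


@dataclass
class Firewall:
    # Three chains, as in ipfwadm: -I input, -F forwarding, -O output.
    chains: dict = field(default_factory=lambda: {"I": [], "F": [], "O": []})

    def add(self, chain: str, rule: Rule) -> None:
        self.chains[chain].append(rule)

    def _check(self, chain: str, pkt: Packet, iface: str) -> str:
        """First matching rule wins; the default policy here is accept."""
        for r in self.chains[chain]:
            if r.src is not None and not pkt.src.startswith(r.src):
                continue
            if r.dport is not None and pkt.dport != r.dport:
                continue
            if r.iface is not None and r.iface != iface:
                continue
            return r.policy
        return "accept"

    def route(self, dst: str) -> str:
        for prefix, iface in ROUTES.items():
            if dst.startswith(prefix):
                return iface
        return "ppp0"

    def send(self, pkt: Packet) -> str:
        """Return 'local', 'forwarded:<iface>' or 'denied@<chain>'."""
        if pkt.in_if is not None:                       # received from the wire
            if self._check("I", pkt, pkt.in_if) == "deny":
                return "denied@I"
            if pkt.dst in FW_ADDRS.values():            # addressed to the firewall box
                return "local"                          # never reaches -F or -O
            out_if = self.route(pkt.dst)
            if self._check("F", pkt, out_if) == "deny":
                return "denied@F"
        else:                                           # generated by the firewall
            out_if = self.route(pkt.dst)                # skips -I and -F entirely
        if self._check("O", pkt, out_if) == "deny":
            return "denied@O"
        return f"forwarded:{out_if}"


def forward_rule_only():
    """Roughly: ipfwadm -F -a deny -P tcp -S 198.51.100.9 -D 0.0.0.0/0 80"""
    fw = Firewall()
    fw.add("F", Rule("deny", src=EXTERNAL_HOST, dport=80))
    to_host_a = Packet(EXTERNAL_HOST, "192.168.1.10", 80, "ppp0")
    to_firewall = Packet(EXTERNAL_HOST, FW_ADDRS["ppp0"], 80, "ppp0")
    return fw.send(to_host_a), fw.send(to_firewall)     # ("denied@F", "local")


def input_rule_only():
    """Roughly: ipfwadm -I -a deny -P tcp -S 198.51.100.9 -D 0.0.0.0/0 80 -W ppp0"""
    fw = Firewall()
    fw.add("I", Rule("deny", src=EXTERNAL_HOST, dport=80, iface="ppp0"))
    to_host_a = Packet(EXTERNAL_HOST, "192.168.1.10", 80, "ppp0")
    to_firewall = Packet(EXTERNAL_HOST, FW_ADDRS["ppp0"], 80, "ppp0")
    return fw.send(to_host_a), fw.send(to_firewall)     # ("denied@I", "denied@I")


def three_interfaces():
    """-F ... -W eth0 blocks forwarding towards NetA only; NetB still reachable."""
    fw = Firewall()
    fw.add("F", Rule("deny", src=EXTERNAL_HOST, dport=80, iface="eth0"))
    to_net_a = fw.send(Packet(EXTERNAL_HOST, "192.168.1.10", 80, "ppp0"))
    to_net_b = fw.send(Packet(EXTERNAL_HOST, "192.168.2.10", 80, "ppp0"))
    return to_net_a, to_net_b                           # ("denied@F", "forwarded:eth1")


def output_rule_sees_local():
    """Only -O catches traffic the firewall itself originates; -I never sees it."""
    out_fw, in_fw = Firewall(), Firewall()
    out_fw.add("O", Rule("deny", dport=80, iface="ppp0"))
    in_fw.add("I", Rule("deny", dport=80, iface="ppp0"))
    from_box = Packet(FW_ADDRS["ppp0"], EXTERNAL_HOST, 80, None)
    return out_fw.send(from_box), in_fw.send(from_box)  # ("denied@O", "forwarded:ppp0")
```

The practical consequence for the LRP box in the question: a -F rule protects hosts behind the firewall but not the firewall itself, since packets addressed to the box are delivered before the forwarding chain is consulted, so host-level services on the firewall need -I rules, and anything the firewall originates can only be restricted with -O.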