Date: Thu, 15 May 2003 23:01:38 +0200 (CEST) From: nisse@hubsch.org To: freebsd-ipfw@freebsd.org Subject: ipfw2: How to detect packets without incoming interface? Message-ID: <20030515225945.Y63945-100000@snaps.home>
next in thread | raw e-mail | index | archive | help
In ipfw1 I could use "recv any" to indicate that a packet originated on a
remote host. To for example prevent tcp traffic from being forwarded
trough the host but still allow traffic to/from the host on all interfaces
it was possible to say
ipfw add deny tcp from any to any out recv any
ipfw add allow tcp from any to any
How do I do this with ipfw2?
I want to detect locally generated packets.
netinet/ip_fw2.c does't seem to handle the "any" case and ipfw2.c contains
the following lines:
/* Parse the interface or address */
if (!strcmp(arg, "any"))
cmd->o.len = 0; /* effectively ignore this command */
--
Mikael Hubsch
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030515225945.Y63945-100000>