Date: Mon, 18 Feb 2002 19:41:53 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Bing Li <calibing@yahoo.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Difference between "src to dst" and "dst to src"
Message-ID: <20020218194153.U48401@blossom.cjclark.org>
In-Reply-To: <20020219031018.39579.qmail@web21410.mail.yahoo.com>; from calibing@yahoo.com on Mon, Feb 18, 2002 at 07:10:18PM -0800
References: <20020219031018.39579.qmail@web21410.mail.yahoo.com>
On Mon, Feb 18, 2002 at 07:10:18PM -0800, Bing Li wrote:
> Hi,
>
> Is there any difference between the two as follows:
>
> add 100 allow tcp from src to dst 22
> add 101 allow tcp from dst 22 to src

Uh, well, let's use hostname examples,

  add 100 allow tcp from client to server 22
  add 101 allow tcp from server 22 to client

The first rule passes TCP packets with a source address of "client,"
and destination address of "server" and destination port 22. The
second rule passes TCP packets with a source address of "server" and
source port of 22, and destination address of "client."

> I was confused with the output of "ipfw show":
>
> 00100 1532 112460 allow tcp from src to dst 22
> 00101 1101 275166 allow tcp from dst 22 to src
>
> Why are the values of second columns different?
> So are the values of third columns. The traffic was
> generated only by ssh from src to dst.

A TCP connection is a duplex connection. Traffic must flow in both
directions.
-- 
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
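An added illustration, not part of the original message: a small Python model of the two rules from the reply, run over a constructed SSH exchange, showing why the packet and byte counters for rules 100 and 101 differ. The `Rule` and `run` helpers, client port 40000 and the packet sizes are hypothetical, and matching is simplified to addresses and ports with no interfaces or dynamic state.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    number: int
    src: str
    dst: str
    sport: Optional[int] = None   # None means "any port"
    dport: Optional[int] = None
    packets: int = 0              # second column of "ipfw show"
    octets: int = 0               # third column of "ipfw show"

    def matches(self, pkt):
        src, sport, dst, dport, _length = pkt
        return (src == self.src and dst == self.dst
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def run(rules, packets):
    """Credit each packet to the first rule it matches; return packets no rule matched."""
    unmatched = []
    for pkt in packets:
        for rule in rules:
            if rule.matches(pkt):
                rule.packets += 1
                rule.octets += pkt[4]
                break
        else:
            unmatched.append(pkt)
    return unmatched

# Constructed packets: (src, sport, dst, dport, ip_length)
def c2s(n): return ("client", 40000, "server", 22, n)
def s2c(n): return ("server", 22, "client", 40000, n)

def ssh_session():
    return [c2s(60), s2c(60), c2s(52),             # SYN, SYN/ACK, ACK
            s2c(93), c2s(52), c2s(93), s2c(52),    # version banners and ACKs
            s2c(1500), c2s(52), s2c(1500), c2s(52)]  # server data, client ACKs

def demo():
    rules = [Rule(100, "client", "server", dport=22),   # from client to server 22
             Rule(101, "server", "client", sport=22)]   # from server 22 to client
    unmatched = run(rules, ssh_session())
    return {r.number: (r.packets, r.octets) for r in rules}, unmatched

if __name__ == "__main__":
    counters, unmatched = demo()
    for number, (pkts, octets) in counters.items():
        print(f"{number:05d} {pkts:6d} {octets:8d}")
    print("unmatched:", unmatched)
```

With only rule 100 loaded, every server-to-client packet in the sample falls through unmatched, which is why both rules are needed for the session to work.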
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020218194153.U48401>