Date: Wed, 26 Jun 2002 02:05:54 -0700
From: Luigi Rizzo
To: Achim Patzner
Cc: Thomas Wolf , freebsd-ipfw@FreeBSD.ORG
Subject: Re: interface check for packets originating from the local host ?
Message-ID: <20020626020554.A34406@iguana.icir.org>

On Wed, Jun 26, 2002 at 10:08:56AM +0200, Achim Patzner wrote:
> > "packets originating from the local host have no receive interface"
> > but is it possible/planned/nonsense to filter on exactly this
>
> Nonsense.

I beg to differ... it is both possible and planned.

> > condition, something like:
> > 'allow all from any to any out recv none xmit xxx0' ?
>
> What's wrong with "allow all from me to [...]"?

"me" is an expensive check when you can simply look at the rcvif
field in the mbuf header (not to mention the slightly different
behaviour in corner cases such as packets coming from divert sockets).

	cheers
	luigi

>
> Achim