Date: Tue, 13 Feb 2001 10:07:37 -0800 (PST) From: Luigi Rizzo <rizzo@aciri.org> To: imp@harmony.village.org (Warner Losh) Cc: phk@critter.freebsd.dk, rizzo@aciri.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c Message-ID: <200102131807.f1DI7g831251@iguana.aciri.org> In-Reply-To: <200102131755.f1DHtQW39918@harmony.village.org> from Warner Losh at "Feb 13, 2001 10:55:26 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> In message <52435.982085938@critter> Poul-Henning Kamp writes: > : A forwarded packet would encounter three lists of rules: > : > : Input list on arrival interface > : forwarding list > : Output list on departure interface > > That would make my life easier here. Right now I have a shell script > with nested for loops to prevent bogus packets coming in (and no > filtering at all going out). When there's 8 interfaces, it gets ugly > fast. What you would actually need is a rule (which to the best of my knowledge does not exist now) that lets you check whether or not the packet has any receive interface associated with it (hence it is a forwarded packet). I think this would simplify your processing a lot. cheers luigi ----------------------------------+----------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . ACIRI/ICSI (on leave from Univ. di Pisa) http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704 Phone: (510) 666 2927 ----------------------------------+----------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102131807.f1DI7g831251>