From owner-cvs-all Tue Feb 13 10:12: 3 2001 Delivered-To: cvs-all@freebsd.org Received: from iguana.aciri.org (iguana.aciri.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 6DB4137B4EC; Tue, 13 Feb 2001 10:11:56 -0800 (PST) Received: (from rizzo@localhost) by iguana.aciri.org (8.11.1/8.11.1) id f1DI7g831251; Tue, 13 Feb 2001 10:07:42 -0800 (PST) (envelope-from rizzo) From: Luigi Rizzo Message-Id: <200102131807.f1DI7g831251@iguana.aciri.org> Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c In-Reply-To: <200102131755.f1DHtQW39918@harmony.village.org> from Warner Losh at "Feb 13, 2001 10:55:26 am" To: imp@harmony.village.org (Warner Losh) Date: Tue, 13 Feb 2001 10:07:37 -0800 (PST) Cc: phk@critter.freebsd.dk, rizzo@aciri.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > In message <52435.982085938@critter> Poul-Henning Kamp writes: > : A forwarded packet would encounter three lists of rules: > : > : Input list on arrival interface > : forwarding list > : Output list on departure interface > > That would make my life easier here. Right now I have a shell script > with nested for loops to prevent bogus packets coming in (and no > filtering at all going out). When there's 8 interfaces, it gets ugly > fast. What you would actually need is a rule (which to the best of my knowledge does not exist now) that lets you check whether or not the packet has any receive interface associated with it (hence it is a forwarded packet). I think this would simplify your processing a lot. cheers luigi ----------------------------------+----------------------------------------- Luigi RIZZO, luigi@iet.unipi.it . ACIRI/ICSI (on leave from Univ. di Pisa) http://www.iet.unipi.it/~luigi/ . 1947 Center St, Berkeley CA 94704 Phone: (510) 666 2927 ----------------------------------+----------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message