Date: Tue, 13 Feb 2001 10:41:09 -0800 (PST)
From: Luigi Rizzo <rizzo@aciri.org>
To: rizzo@aciri.org (Luigi Rizzo)
Cc: imp@harmony.village.org, phk@critter.freebsd.dk, rizzo@aciri.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c
Message-ID: <200102131841.f1DIfEJ31419@iguana.aciri.org>
In-Reply-To: <200102131807.f1DI7g831251@iguana.aciri.org> from Luigi Rizzo at "Feb 13, 2001 10: 7:37 am"

> > In message <52435.982085938@critter> Poul-Henning Kamp writes:
> > : A forwarded packet would encounter three lists of rules:
> > :
> > :     Input list on arrival interface
> > :     forwarding list
> > :     Output list on departure interface
> >
> > That would make my life easier here.  Right now I have a shell script
> > with nested for loops to prevent bogus packets coming in (and no
> > filtering at all going out).  When there's 8 interfaces, it gets ugly
> > fast.
>
> What you would actually need is a rule (which to the best
> of my knowledge does not exist now) that lets you check

... and my knowledge proved to be wrong:

    ipfw add ... out recv any
                 ^^^^^^^^^^^^

does what i wanted. So you can jump to your "forwarding list"
with a rule like

    ipfw add skipto 10000 ip from any to any out recv any

and have code your access-list 10000 as your forwarding ruleset.

    cheers
    luigi
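A simplified model of the dispatch described in the message above, added here as an illustration (it is not code from the message or from ipfw). It assumes first-match evaluation with `skipto` and that locally generated packets have no receive interface; rule numbers 100-300, 20000 and 30000 and the interface names are made up, and only the `skipto 10000 ... out recv any` rule comes from the message.

```python
# Simplified model of ipfw rule dispatch (added example, not ipfw code).
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    direction: str           # "in" or "out": which pass through the firewall
    recv_if: Optional[str]   # None when this host originated the packet

@dataclass
class Rule:
    number: int
    action: str                      # "skipto" or "allow"
    target: int = 0                  # skipto destination
    direction: Optional[str] = None  # None matches both passes
    recv: Optional[str] = None       # interface name or "any"

    def matches(self, pkt: Packet) -> bool:
        if self.direction and pkt.direction != self.direction:
            return False
        # A packet with no receive interface never matches "recv", even "recv any".
        return self.recv is None or (pkt.recv_if is not None
                                     and self.recv in ("any", pkt.recv_if))

def evaluate(rules, pkt):
    """Return the number of the rule that ends evaluation for pkt."""
    floor = 0                        # skipto raises this; lower rules are skipped
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.number >= floor and rule.matches(pkt):
            if rule.action != "skipto":
                return rule.number
            floor = rule.target
    return 65535                     # ipfw's built-in default rule

RULES = [
    Rule(100, "skipto", 10000, "out", "any"),  # the rule from the message
    Rule(200, "skipto", 20000, "in"),          # assumed: input list
    Rule(300, "skipto", 30000, "out"),         # assumed: local output list
    # Placeholder terminators standing in for each list's real policy.
    Rule(10000, "allow"), Rule(20000, "allow"), Rule(30000, "allow"),
]

# Constructed packets; interface names are made up.
SAMPLES = {
    "forwarded, inbound pass": Packet("in", "fxp0"),
    "forwarded, outbound pass": Packet("out", "fxp0"),
    "locally generated": Packet("out", None),
}

def classify():
    return {name: evaluate(RULES, pkt) for name, pkt in SAMPLES.items()}
```

`classify()` sends only the outbound pass of a forwarded packet to list 10000; without rule 100 that same packet would land in the local output list.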