From: lhmwzy
To: freebsd-questions@freebsd.org
Date: Wed, 16 Apr 2014 09:14:29 +0800
Subject: ipfw option `in` is not working on FreeBSD10

Description

According to the man page, the rule options `in|out` are still supported in FreeBSD10. But somehow the rule with `in` did not match anything in my case.

How-To-Repeat

root@FB10:~ # ipfw -f flush
Flushed all rules.

//Create rules <---------------------------------
root@FB10:~ # ipfw add count all from any to any MAC any any in via em0
00100 count ip from any to any MAC any any in via em0
root@FB10:~ # ipfw add count all from any to any MAC any any via em0
00200 count ip from any to any MAC any any via em0

//Check counters<-----------------------------------
root@FB10:~ # ipfw show
00100 0 0 count ip from any to any MAC any any in via em0
00200 26 2232 count ip from any to any MAC any any via em0
65535 3453 293448 allow ip from any to any

root@FB10:~ # sysctl -a | grep net.link.ether.ipfw
net.link.ether.ipfw: 1