Date:      Wed, 7 May 2003 20:41:33 +0200 (CEST)
From:      nisse@hubsch.org
To:        freebsd-net@freebsd.org
Subject:   ipfw2: Detecting packets without incoming interface
Message-ID:  <20030507203714.E41411-100000@snaps.home>

In ipfw1 I could use "recv any" to indicate that a packet originated on a
remote host. For example, to prevent tcp traffic from being forwarded
through the host but still allow traffic to/from the host on all interfaces,
it was possible to say

ipfw add deny tcp from any to any out recv any
ipfw add allow tcp from any to any

How do I do this with ipfw2?
I want to detect locally generated packets.

netinet/ip_fw2.c doesn't seem to handle the "any" case and ipfw2.c has the
following code:

   /* Parse the interface or address */
   if (!strcmp(arg, "any"))
         cmd->o.len = 0;         /* effectively ignore this command */

--
 Mikael Hubsch
