Date:      Thu, 16 Apr 2015 11:41:54 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        hiren panchasara <hiren@strugglingcoder.info>, freebsd-ipfw@freebsd.org
Cc:        nitroboost@gmail.com
Subject:   Re: ipfw on just inbound and not outbound
Message-ID:  <552F2F82.1060506@freebsd.org>
In-Reply-To: <20150414210901.GA10620@strugglingcoder.info>
References:  <20150414210901.GA10620@strugglingcoder.info>

On 4/15/15 5:09 AM, hiren panchasara wrote:
> Apologies if this is something silly but I want to completely eliminate
> ipfw from outgoing traffic perspective. I just want to have it on
> incoming. I can always add "allow ip from any to any out" as the first
> rule but that is still ipfw doing something.
>
> Is there a way to tell ipfw to not look at outbound traffic at all?
no
>
> OR, the rule I mentioned is the best that can be done here?
yes

This touches on something I've been thinking of for a while: per
interface/direction rule sets.
But that doesn't exist yet.

You could write a kernel module that would disconnect the outgoing
packet filter hooks,
but "hack" comes to mind as a description there.

Actually... you could use the ipfw netgraph hook and only hook it up
for incoming packets,
but it would probably be not much more efficient than just having the
rule, and more complicated to set up.

>
> cheers,
> Hiren
>
> ps: Please keep me cc'd as I am not subscribed.



