Date: Thu, 30 Jul 1998 10:48:37 +1000 (EST)
From: Andrew Cagney <cagney@tpgi.com.au>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: docs/7437: IPFW doco unclear about in/out
Message-ID: <199807300048.KAA00980@andrew1.lnk.telstra.net>

>Number:         7437
>Category:       docs
>Synopsis:       IPFW doco unclear about in/out
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 29 17:50:01 PDT 1998
>Last-Modified:
>Originator:     Andrew Cagney
>Organization:
>Release:        FreeBSD 2.2.6-RELEASE i386
>Environment:

	IPFW configured into the kernel.
	Dual homed machine.

>Description:

	The documentation on IPFW isn't clear about its behaviour
	when handling a packet that is traversing a host acting
	as a gateway.

>How-To-Repeat:

	Look through the IPFW doc for a clear explanation of when/how
	the packet filtering rules are applied.

	Look through the IPFW doc for a clear explanation of what
	meta information is attached to a packet when it is presented
	to the packet filter.

>Fix:

	The first part is to precisely describe the meta information
	associated with an IPFW IP packet. I think it is:

		o interface(s) (recv, xmit)
		o direction

	as well as the obvious:

		o IP address
		o packet type
		o port address (tcp/udp)
		o estab
		o ....

	The second part is to explain that every packet is put through
	the IPFW rules as part of traversing an interface. (I.e. twice
	for a routed packet).

	If someone wants to work with me I'll make comments (at least)
	on the changes.

		Andrew

	PS: The doco doesn't need to be an explanation on how to operate
	a firewall, rather how this specific firewall is implemented.

>Audit-Trail:
>Unformatted: