Date:      Fri, 18 Feb 2000 15:00:00 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        William Wong <willwong@anime.ca>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw and natd
Message-ID:  <20000218150000.D4423@hades.hell.gr>
In-Reply-To: <006601bf7779$59342140$0300a8c0@anime.ca>; from willwong@anime.ca on Tue, Feb 15, 2000 at 12:56:05AM -0500
References:  <006601bf7779$59342140$0300a8c0@anime.ca>

On Tue, Feb 15, 2000 at 12:56:05AM -0500, William Wong wrote:
> 
> A curiosity question.
> 
> Though I think it doesn't make much difference I think in the end...
> 
> Should ipfw "deny/allow" rules be set before or after the "divert to
> natd" rule?
>
> I've been using the latter and everything seems to work right.

Ipfw will use the action of the *first* matching rule.  A rule like:

	deny ip from any to any

will match with any IP datagram.  Having the rules:

	deny ip from any to any
	allow tcp from any to $myaddr 25

will make the second rule pretty much redundant, since ALL tcp packets
will match with the first rule too and be dropped.

-- 
Giorgos Keramidas, < keramida @ ceid . upatras . gr >
For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
PGP fingerprint, phone and address in the headers of this message.
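
An added example, not part of the original message: a simplified Python model of first-match evaluation that also reports rules which can never fire because an earlier rule covers them. It models only terminating allow/deny rules matched on protocol, destination address and destination port; it is not ipfw's own parser, and `MYADDR` is a constructed stand-in for `$myaddr`.

```python
from dataclasses import dataclass
from typing import Optional

MYADDR = "192.0.2.10"  # constructed documentation address standing in for $myaddr


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str                    # "ip" matches every protocol, else e.g. "tcp"
    dst: str = "any"              # "any" or one literal address
    dport: Optional[int] = None   # None means any port

    def covers(self, other):
        """True if every packet that matches `other` also matches this rule."""
        return (self.proto in ("ip", other.proto)
                and self.dst in ("any", other.dst)
                and self.dport in (None, other.dport))

    def matches(self, proto, dst, dport):
        # A concrete packet is treated as the narrowest possible rule.
        return self.covers(Rule("", proto, dst, dport))


def first_match(rules, proto, dst, dport):
    """Return (index, action) of the first matching rule, or (None, None)."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, dst, dport):
            return index, rule.action
    return None, None


def shadowed(rules):
    """Return (later, earlier) index pairs where the later rule can never fire."""
    pairs = []
    for later in range(len(rules)):
        for earlier in range(later):
            if rules[earlier].covers(rules[later]):
                pairs.append((later, earlier))
                break
    return pairs


# The ordering from the message, and the same two rules swapped.
BROKEN = [Rule("deny", "ip"), Rule("allow", "tcp", MYADDR, 25)]
FIXED = [Rule("allow", "tcp", MYADDR, 25), Rule("deny", "ip")]

if __name__ == "__main__":
    print("broken:", first_match(BROKEN, "tcp", MYADDR, 25), shadowed(BROKEN))
    print("fixed: ", first_match(FIXED, "tcp", MYADDR, 25), shadowed(FIXED))
```
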

