Date:      Tue, 9 Jan 2018 10:28:13 +0100
From:      "O. Hartmann" <ohartmann@walstatt.org>
To:        freebsd-current <freebsd-current@freebsd.org>, freebsd-ipfw@freebsd.org
Subject:   ipfw: manpage: semantics of "receive" and "xmit" interfaces
Message-ID:  <20180109102813.63c32899@freyja.zeit4.iv.bundesimmobilien.de>

I feel confused by the ipfw manpage, while trying to set up a set of filtering
rules on a small router project with in-kernel NAT.

It is kind of hard, based on the ipfw man page, to figure out what the meaning
is of the receive and xmit interface. Maybe it is only me that has problems,
but I doubt it, since I tried to ask around my department and it broke loose a
discussion - based upon what one can read in the manpage - not reading source
code.

In section RULE OPTIONS, there is recv|xmit|via explained (a bit). There is
also an example:

ipfw add deny ip from any to any out recv ed0 xmit ed1

Can someone explain a bit more what the semantics of these is? I get especially
confused by the subsequent blocks of text following the line I mentioned above.
Since not everybody using FreeBSD is capable of studying the kernel sources, I
have difficulties to put those statements in line with a visualization of the
packet flow. A local host receiving packets destined for the local host
cannot have an xmit interface? If I imagine that the recv interface might be the
interface adjacent directly to the in/out port depicted in section PACKET FLOW
it doesn't give me any idea why there is no xmit interface.

If it's my dumb brain missing things, I'm sorry. Otherwise I'd be glad to have
some more information and maybe the manpage could be enriched with some notes
helping other poor people like me.

Thanks in advance,
Oliver 


