Date: Tue, 9 Jan 2018 10:28:13 +0100
From: "O. Hartmann"
To: freebsd-current, freebsd-ipfw@freebsd.org
Subject: ipfw: manpage: semantics of "receive" and "xmit" interfaces
Message-ID: <20180109102813.63c32899@freyja.zeit4.iv.bundesimmobilien.de>
Organization: Walstatt

I feel confused by the ipfw manpage, while trying to set up a set of filtering rules on a small router project with in-kernel NAT.

It is kind of hard, based on the ipfw man page, to figure out what the meaning is of the receive and xmit interface. Maybe it is only me that has problems, but I doubt it, since I tried to ask around my department and it broke loose a discussion - based upon what one can read in the manpage - not reading source code.

In section RULE OPTIONS, there is recv|xmit|via explained (a bit). There is also an example:

    ipfw add deny ip from any to any out recv ed0 xmit ed1

Can someone explain a bit more what the semantics of these is?

I get especially confused by the subsequent blocks of text following the line I mentioned above. Since not everybody using FreeBSD is capable of studying the kernel sources, I have difficulties putting those statements in line with a visualization of the packet flow. A local host receiving a packet destined for the local host cannot have an xmit interface? If I imagine that the recv interface might be the interface adjacent directly to the in/out port depicted in section PACKET FLOW, it doesn't give me any idea why there is no xmit interface.

If it's my dumb brain missing things, I'm sorry.
Otherwise I'd be glad to have some more information, and maybe the manpage could be enriched with some notes helping other poor people like me.

Thanks in advance,
Oliver