From owner-freebsd-questions  Wed Jul 29 17:15:58 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA10280
          for freebsd-questions-outgoing; Wed, 29 Jul 1998 17:15:58 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from andrew1.lnk.telstra.net (andrew1.lnk.telstra.net [139.130.51.121])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA10132;
          Wed, 29 Jul 1998 17:15:32 -0700 (PDT)
          (envelope-from cagney@tpgi.com.au)
Received: (from cagney@localhost) by andrew1.lnk.telstra.net (8.8.8/8.7.3) id KAA00812; Thu, 30 Jul 1998 10:16:56 +1000 (EST)
Received: from Messages.8.5.N.CUILIB.3.45.SNAP.NOT.LINKED.b1.cygnus.com.i386.bsd
          via MS.5.6.b1.cygnus.com.i386_bsd;
          Thu, 30 Jul 1998 10:16:55 +1000 (WET)
Message-ID: <Apjvhrk60kM0E1XAR8@tpgi.com.au>
Date: Thu, 30 Jul 1998 10:16:55 +1000 (WET)
From: Andrew Cagney <cagney@tpgi.com.au>
To: Archie Cobbs <archie@whistle.com>
Subject: Re: IPFW rules applied twice?
CC: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To: <199807292052.NAA19705@bubba.whistle.com>
References: <199807292052.NAA19705@bubba.whistle.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Excerpts from mail: 29-Jul-98 Re: IPFW rules applied twice? Archie
Cobbs@whistle.com (634*)

> Yes, firewall rules are applied as packets enter and as they
> leave an interface. That's why you can specify "in" and/or "out"
> in the firewall rules.

Good :-)

I think the documentation needs to be very clear about this - when it
comes to security things can't be left cloudy -)

	thanks,
		Andrew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message