Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Sep 2005 14:27:51 +0200
From:      Jeremie Le Hen <>
To:        freebsd-ipfw@FreeBSD.ORG, vladone <>
Subject:   Re: in via or in recv
Message-ID:  <>
In-Reply-To: <>
References:  <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

> vladone <> wrote:
>  > What is difference between:
>  >   1. in via - in recv
> No difference.  When checking incoming packets (which "in"
> means), only the receiving interface is known, but not yet
> the transmitting interface, so "via" and "recv" do the same
> thing in that case.
>  >   2. out via - out xmit
> When checking outgoing packets ("out"), both the receiving
> and the transmitting interface are known, so "via" compares
> with both, while "xmit" only compares with the transmitting
> interface.  That's why "xmit" can only be used with "out",
> not with "in", while "recv" can be used with both "out" and
> "in".
> All of that is explained in detail in the ipfw(8) manpage.
>  > When need to use an variant or another?
> That depends on what you want to do.  In my experience
> there is rarely a need for "via".  Usually you only need
> "recv" and "xmit" (optionally combined with "in" and "out"
> as appropriate for your rules).

Given that this question is regurlarly asked, I've just written a
webpage explaining the difference among "via", "xmit" and "recv",
based on what has been said here in the past and my own understanding
of ipfw code.

This is quite short to read, and I would like some feedback on it.

Best regards,
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >

Want to link to this message? Use this URL: <>