Date:      Sun, 29 Feb 2004 17:58:53 -0500
From:      "Shaun T. Erickson" <ste@ste-land.com>
To:        questions@freebsd.org
Subject:   ipfw ruleset traversal question
Message-ID:  <40426EAD.50004@ste-land.com>

I'm trying to port my linux netfilter/iptables firewall to 5.2.1-RELEASE.

Iptables has the concept of "chains". There are three defined by the 
system: INPUT, FORWARD & OUTPUT. Packets coming into the system that are 
destined for a local process traverse the INPUT chain only, packets 
generated by the system, and leaving it, traverse the OUTPUT chain only, 
and packets that are simply passing through the system traverse the 
FORWARD chain only. One nice benefit of this is that inbound packets 
don't have to traverse rules for outbound packets and vice-versa. This 
allows efficient grouping of rules and reduces the performance hit of 
packets having to be checked by all rules.

How can I set up my ipfw ruleset so that I can achieve that same benefit?

TIA

	-ste
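One way to get the chain-like split in ipfw, shown here as an added example that is not from the original poster: classify each packet once with `skipto` into a numbered block and end every block with a terminal rule, so nothing falls through into the next block. The interface names em0/em1, the LAN prefix and the service ports are assumptions; the script only echoes the commands unless FW is set to the real ipfw binary.

```shell
#!/bin/sh
# ipfw "chains" via skipto: a dispatcher at the top sends each packet into
# one numbered block (INPUT / OUTPUT / FORWARD), and each block ends with a
# terminal allow/deny so packets never fall through into the next block.
# Dry run by default (prints the commands); set FW=/sbin/ipfw to apply.
FW="${FW:-echo ipfw}"
EXT_IF="${EXT_IF:-em0}"              # assumed external interface
INT_IF="${INT_IF:-em1}"              # assumed internal interface
LAN="${LAN:-192.168.1.0/24}"         # assumed internal network

ipfw_chains() {
    $FW -q flush
    # Dynamic (keep-state) rules are matched before any dispatch happens.
    $FW add 50 check-state

    # Dispatcher (rules 100-120). 'me' is any address configured on this host.
    #   inbound and addressed to us      -> INPUT   block (1000-1999)
    #   outbound and originated by us    -> OUTPUT  block (2000-2999)
    #   everything else (transit traffic) -> FORWARD block (3000-3999)
    # skipto only jumps forward, so block numbers must increase.
    $FW add 100 skipto 1000 ip from any to me in
    $FW add 110 skipto 2000 ip from me to any out
    $FW add 120 skipto 3000 ip from any to any

    # INPUT: only the services this host offers, then drop the rest.
    $FW add 1000 allow tcp from any to me 22 in setup keep-state
    $FW add 1010 allow icmp from any to me in icmptypes 8
    $FW add 1999 deny log ip from any to me in

    # OUTPUT: trust locally generated traffic and track it for replies.
    $FW add 2000 allow ip from me to any out keep-state
    $FW add 2999 deny log ip from me to any out

    # FORWARD: transit traffic is seen twice (in on one interface, out on
    # another); keep-state on the inbound pass lets check-state pass the
    # outbound pass and the replies.
    $FW add 3000 allow ip from $LAN to any in recv $INT_IF keep-state
    $FW add 3999 deny log ip from any to any
}

ipfw_chains
```

With the default rule 65535 set to deny, any packet reaching the end of a block that lacks its terminal rule would be dropped rather than evaluated by a later block, so the terminal deny lines also make the intended behaviour explicit in the logs.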
