Date: Tue, 2 Aug 2005 21:51:45 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Subject: Re: Another bug in IPFW@ ...? Message-ID: <200508022151.45925.asstec@matik.com.br> In-Reply-To: <200508021746.j72Hk6Wq006760@lurza.secnetix.de> References: <200508021746.j72Hk6Wq006760@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 02 August 2005 14:46, Oliver Fromme wrote: > > P.S. looks very strange "out not recv any xmit" > > It's perfectly valid syntax according to ipfw(8). (1+1-1)/1 also ... ;) > > 1. "out" --> match only outgoing packets. > > 2. "not recv any" --> match packets that haven't been > received through any interface (i.e. which originate > from the local host). It's simply a negation of > "recv any", see the ipfw(8) manpage. > > 3. "xmit dc0" --> match packets which are going to be > transmitted through the dc0 interface. > even if I agree to your logic aspect in general I thought out and xmit is probably exactly the same still especially as you set src-ip and dst-ip so the interface where this packages are xmit is defined by the routes localhost normally runs on lo0 which is an interface as any other so which ghost packages you try to catch here? probably this rule you try is a deny all rule since any package is beeing received by some IF before it can go out or xmit Hans A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508022151.45925.asstec>