Date:      Tue, 25 Jun 2002 23:02:36 +0200
From:      Thomas Wolf <>
Subject:   interface check for packets originating from the local host ?
Message-ID:  <>

Hi there,

"packets originating from the local host have no receive interface" 
but is it possible/planned/nonsense to filter on exactly this
condition, something like:
'allow all from any to any out recv none xmit xxx0' ?

I am experimenting with a ruleset for several interfaces and I
try to design the rules on src/dst - interface and this would help
to distinguish 'natted' packets from locally generated ones
when they are leaving the system.

Thanks in advance

PS (slightly OT): Should the punch_fw option in natd also
create rules for outgoing passive ftp? It does not (at least on
my 4.5 Box) but I wonder if it is my fault, a bug or a feature :-)

PPS: would this be the right list to post my ruleset asking for
comments when it is finished?

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message
