Date:      Tue, 25 Jun 2002 23:02:36 +0200
From:      Thomas Wolf <net@wsf.at>
To:        freebsd-ipfw@freebsd.org
Subject:   interface check for packets originating from the local host ?
Message-ID:  <20020625205854.ZGGS9315.viefep13-int.chello.at@there>

Hi there,

"packets originating from the local host have no receive interface" 
but is it possible/planned/nonsense to filter on exactly this
condition, something like:
'allow all from any to any out recv none xmit xxx0'?

I am experimenting with a ruleset for several interfaces and I
try to design the rules on src/dst - interface and this would help
to distinguish 'natted' packets from locally generated ones
when they are leaving the system.

Thanks in advance
Thomas

PS (slightly OT): Should the punch_fw option in natd also
create rules for outgoing passive FTP? It does not (at least on
my 4.5 box), but I wonder if it is my fault, a bug or a feature :-)

PPS: Would this be the right list to post my ruleset asking for
comments when it is finished?

