Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 26 Jun 2002 02:05:54 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Achim Patzner <ap@bnc.net>
Cc:        Thomas Wolf <net@wsf.at>, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: interface check for packets originating from the local host ?
Message-ID:  <20020626020554.A34406@iguana.icir.org>
In-Reply-To: <EAELLHHODLNIKKPLOLEMAECICKAA.ap@bnc.net>; from ap@bnc.net on Wed, Jun 26, 2002 at 10:08:56AM +0200
References:  <20020625205854.ZGGS9315.viefep13-int.chello.at@there> <EAELLHHODLNIKKPLOLEMAECICKAA.ap@bnc.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wed, Jun 26, 2002 at 10:08:56AM +0200, Achim Patzner wrote:
> > "packets originating from the local host have no receive interface" 
> > but is it possible/planned/nonsense to filter on exactly this
> 
> Nonsense.

i beg to differ... it is both possible and planned.

> > condition, something like:
> > 'allow all from any to any out recv none xmit xxx0' ?
> 
> What's wrong with "allow all from me to [...]"?

"me" is an expensive check when you can simply look at the rcvif
field in the mbuf header (not to mention che slightly different
behaviour in corner cases such as packet coming from divert sockets).

	cheers
	luigi
> 
> Achim
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020626020554.A34406>