Date: Wed, 9 Jul 2003 18:51:45 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: Gregory Bond <gnb@itga.com.au>
Cc: Diego Linke - GAMK <linke@calnet.com.br>
Subject: Re: I have four ideia for IPFW2
Message-ID: <20030709185145.A7164@xorpc.icir.org>
In-Reply-To: <200307092343.JAA04684@lightning.itga.com.au>; from gnb@itga.com.au on Thu, Jul 10, 2003 at 09:43:55AM +1000
References: <200307092343.JAA04684@lightning.itga.com.au>

On Thu, Jul 10, 2003 at 09:43:55AM +1000, Gregory Bond wrote:
> > My idea is a keyword specific for each interface.
> > Sample:
> > ipfw add allow ip from any to me_xl0 via xl0
>
> This is easy to do with a little bit of shell hacking in rc.firewall
> me_xl0=`ifconfig xl0 | awk '/inet /{ print $2;}'`

Actually not. "me" is evaluated at runtime, so if the interface address changes your awk hack will fail.

This said, "... to me_xl0 via xl0" (where btw I do not understand the 'via' part, as it will only make sense as 'in recv xl0') seems to break in case you are multihomed, because it would require people to use a different address to talk to you according to which side they are...

cheers
luigi
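
Added example, not part of the original message: a sh check, run on captured output, for the failure mode described above, where the address substituted when rc.firewall ran goes stale after the interface is renumbered while a rule written with "me" is unaffected. The ifconfig text, the rule listing, the addresses and the function names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data: xl0 as seen when rc.firewall ran, and later
# after the interface was renumbered.
IFCONFIG_AT_LOAD='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'
IFCONFIG_NOW='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.77 netmask 0xffffff00 broadcast 192.0.2.255'
# Constructed rule listing: rule 100 got the substituted address,
# rule 200 uses the "me" keyword, which is resolved per packet.
RULES='00100 allow ip from any to 192.0.2.10 via xl0
00200 allow ip from any to me via xl0'

# Same extraction as the quoted one-liner, but reading ifconfig-style
# text from stdin so it works on captured output.
inet_addrs() {
    awk '/inet /{ print $2 }'
}

# stale_rules ADDR CURRENT  (rule listing on stdin)
# Prints the numbers of rules that carry the literal ADDR when ADDR is
# no longer among the CURRENT addresses (one per line).
stale_rules() {
    addr=$1
    cur=$2
    if printf '%s\n' "$cur" | grep -qxF "$addr"; then
        cat >/dev/null      # address still assigned: nothing is stale
        return 0
    fi
    awk -v a="$addr" '{
        for (i = 2; i <= NF; i++)
            if ($i == a) { print $1; break }
    }'
}

# Compare the load-time address with the current one and list the
# rules that silently stopped matching traffic to this host.
demo() {
    at_load=$(printf '%s\n' "$IFCONFIG_AT_LOAD" | inet_addrs)
    now=$(printf '%s\n' "$IFCONFIG_NOW" | inet_addrs)
    printf '%s\n' "$RULES" | stale_rules "$at_load" "$now"
}

demo
```
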