Message-ID: <3E19BB9E.6010207@witchspace.com>
Date: Mon, 06 Jan 2003 17:23:42 +0000
From: Jonathan Belson
To: Ceri Davies
Cc: freebsd-questions@freebsd.org
Subject: Re: [Q] ipfw and 'me'

Ceri Davies wrote:
> On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:
>
>>I've just been looking into the 'me' option for ipfw:
>>
>>me      matches any IP address configured on an interface in the
>>        system.  The address list is evaluated at the time the
>>        packet is analysed.
>>
>>Since the machine is a gateway, it has two network cards.  Will
>>'me' match *both* IP addresses or just the first one it comes
>>across?  I only really want it to match the IP address of the
>>external interface, not the internal one.
>
> Both, I'm afraid.

Hmm, I suppose since tests for IP spoofing through the external
interface have already been carried out by that point, it isn't that
much of a problem.

Does the fancy-pants new IPFW2 allow more control for 'me'?

--Jon

http://www.witchspace.com
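An added illustration, not part of the thread: a small Python model (not ipfw itself) of the behaviour described above, comparing a bare `me` destination with two narrower rule bodies on a two-homed gateway. The interface names `fxp0`/`fxp1`, the addresses, and port 22 are constructed assumptions.

```python
# Toy model of how three ipfw destination specs match on a two-homed gateway.
# Interface names, addresses and the port are constructed for illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "recv_if dst")

# Addresses configured on the gateway (assumed values).
IFACES = {"fxp0": "203.0.113.10",   # external
          "fxp1": "192.168.0.1"}    # internal
EXT_IF = "fxp0"
EXT_IP = IFACES[EXT_IF]

def is_me(addr):
    # 'me' is true for an address configured on ANY interface.
    return addr in IFACES.values()

# Rule body as it would be given to ipfw, paired with a predicate modelling it.
RULES = [
    ("allow tcp from any to me 22",
     lambda p: is_me(p.dst)),
    ("allow tcp from any to me 22 in via fxp0",
     lambda p: is_me(p.dst) and p.recv_if == EXT_IF),
    ("allow tcp from any to 203.0.113.10 22 in via fxp0",
     lambda p: p.dst == EXT_IP and p.recv_if == EXT_IF),
]

# Constructed inbound packets: (receiving interface, destination address).
PACKETS = [
    Packet("fxp0", "203.0.113.10"),  # outside -> external address
    Packet("fxp0", "192.168.0.1"),   # outside -> internal address
    Packet("fxp1", "192.168.0.1"),   # LAN -> internal address
    Packet("fxp1", "203.0.113.10"),  # LAN -> external address
]

def match_table():
    """Return {rule_text: [bool per packet in PACKETS]}."""
    return {text: [pred(p) for p in PACKETS] for text, pred in RULES}

if __name__ == "__main__":
    for text, hits in match_table().items():
        print(f"{text:52} {hits}")
```

Only the rule that names the external address explicitly excludes a packet arriving on the external interface but addressed to the internal address; adding an interface qualifier to `me` limits where the packet arrives, not which local address it targets.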