Date: Mon, 06 Jan 2003 17:23:42 +0000
From: Jonathan Belson <jon@witchspace.com>
To: Ceri Davies <setantae@submonkey.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: [Q] ipfw and 'me'
Message-ID: <3E19BB9E.6010207@witchspace.com>
References: <3E19B689.2090207@witchspace.com> <20030106171001.GA13668@submonkey.net>

Ceri Davies wrote:
> On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:
>
>>I've just been looking into the 'me' option for ipfw:
>>
>>me      matches any IP address configured on an interface in the
>>        system. The address list is evaluated at the time the
>>        packet is analysed.
>>
>>Since the machine is a gateway, it has two network cards. Will
>>'me' match *both* IP addresses or just the first one it comes
>>across? I only really want it to match the IP address of the
>>external interface, not the internal one.
>
> Both, I'm afraid.

Hmm, I suppose since tests for IP spoofing through the external interface have already been carried out by that point, it isn't that much of a problem.

Does the fancy-pants new IPFW2 allow more control for 'me'?

--Jon

http://www.witchspace.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message