Date: Tue, 15 Jul 2003 17:00:59 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: ipfw@freebsd.org
Subject: clarification on /etc/rc.firewall ("in via ..." commands etc.)
Message-ID: <20030715170059.A43216@xorpc.icir.org>

Hi,

I was looking at /etc/rc.firewall, and noticed that there are a number of rules with "... in via $ifname".

Looking at the ipfw1 code:

+ "in" only matches if a packet has a receive interface associated with it.
+ "via $ifname" matches
  1) the xmit interface if one is associated with the packet, or
  2) the receive interface if one is associated with the packet, or
  3) it fails if no interfaces are associated with the packet.

So, my first question is where in our protocol stack we can have packets with neither receive nor xmit interfaces.

The second question is whether the sequence "in via $ifname" should be replaced by "in recv $ifname" (which in my opinion makes it more clear which traffic is being matched).

cheers
luigi