Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 16 Sep 2005 14:27:51 +0200
From:      Jeremie Le Hen <jeremie@le-hen.org>
To:        freebsd-ipfw@FreeBSD.ORG, vladone <vladone@spaingsm.com>
Subject:   Re: in via or in recv
Message-ID:  <20050916122751.GC51142@obiwan.tataz.chchile.org>
In-Reply-To: <200509151332.j8FDWoqd035125@lurza.secnetix.de>
References:  <1126236392.20050901000512@spaingsm.com> <200509151332.j8FDWoqd035125@lurza.secnetix.de>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi,

> vladone <vladone@spaingsm.com> wrote:
>  > What is difference between:
>  >   1. in via - in recv
> 
> No difference.  When checking incoming packets (which "in"
> means), only the receiving interface is known, but not yet
> the transmitting interface, so "via" and "recv" do the same
> thing in that case.
> 
>  >   2. out via - out xmit
> 
> When checking outgoing packets ("out"), both the receiving
> and the transmitting interface are known, so "via" compares
> with both, while "xmit" only compares with the transmitting
> interface.  That's why "xmit" can only be used with "out",
> not with "in", while "recv" can be used with both "out" and
> "in".
> 
> All of that is explained in detail in the ipfw(8) manpage.
> 
>  > When need to use an variant or another?
> 
> That depends on what you want to do.  In my experience
> there is rarely a need for "via".  Usually you only need
> "recv" and "xmit" (optionally combined with "in" and "out"
> as appropriate for your rules).

Given that this question is regurlarly asked, I've just written a
webpage explaining the difference among "via", "xmit" and "recv",
based on what has been said here in the past and my own understanding
of ipfw code.

	http://tataz.chchile.org/~tataz/ipfw_via_recv_xmit.html

This is quite short to read, and I would like some feedback on it.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050916122751.GC51142>