Date: Tue, 25 Aug 2015 10:44:43 +0800 From: Gregory Orange <gregory.orange@calorieking.com> To: freebsd-questions@freebsd.org Subject: Re: ipfw's "via" rule option/match pattern Message-ID: <55DBD69B.3000207@calorieking.com> In-Reply-To: <55DB8CAF.8040608@gmail.com> References: <20150821013137.E8515@sola.nimnet.asn.au> <55DB8CAF.8040608@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 25/08/15 05:29, andreas scherrer wrote: >> In freebsd-questions Digest, Vol 585, Issue 3, Message: 9 >> Yes; [4] is clearly wrong in this respect. 'out via' does NOT check the >> receive interface if the transmit interface is known. > > In summary I think it would be reasonable to advise people to *not* use > "via" in combination with "in" or "out". > > "in via $if" => "in recv $if" > "out via $if" => "out xmit $if" I am particularly interested to see whether we get some consensus on this. I am reviewing a number of firewall configurations right at the moment, and look to you all for a recommendation on this issue. > Assuming the above is correct and that I wanted to tackle the issue of > rewriting the ipfw handbook section: how would I do that (i.e. how to > submit a new version)? Andreas, it appears from the handbook homepage[1] that one should contact the freebsd-doc@ list[2]. A quick glance at the archives suggests to me that changes are backed onto bugzilla[3]. I am certainly grateful for efforts spent maintaining this excellent handbook. The web is a rich source of helpful content, but having an official, curated handbook from a single source (albeit many authors) is even better. Regards, Greg. [1] https://www.freebsd.org/doc/handbook/ [2] https://lists.freebsd.org/mailman/listinfo/freebsd-doc [3] https://bugs.freebsd.org/bugzilla/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55DBD69B.3000207>