From: Luigi Rizzo
To: rizzo@aciri.org (Luigi Rizzo)
Cc: imp@harmony.village.org, phk@critter.freebsd.dk, rizzo@aciri.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_fw.c ip_fw.h src/sbin/ipfw ipfw.8 ipfw.c
Date: Tue, 13 Feb 2001 10:41:09 -0800 (PST)

> > In message <52435.982085938@critter> Poul-Henning Kamp writes:
> > : A forwarded packet would encounter three lists of rules:
> > :
> > :	Input list on arrival interface
> > :	forwarding list
> > :	Output list on departure interface
> >
> > That would make my life easier here. Right now I have a shell script
> > with nested for loops to prevent bogus packets coming in (and no
> > filtering at all going out). When there's 8 interfaces, it gets ugly
> > fast.
>
> What you would actually need is a rule (which to the best
> of my knowledge does not exist now) that lets you check

... and my knowledge proved to be wrong:

	ipfw add ... out recv any
	             ^^^^^^^^^^^^

does what I wanted. So you can jump to your "forwarding list" with a rule like

	ipfw add skipto 10000 ip from any to any out recv any

and code your access-list 10000 as your forwarding ruleset.

	cheers
	luigi
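
The layout discussed in this message, as an added example that is not part of the original post or of the ipfw sources: a dry-run shell generator that places per-interface input checks first, sends forwarded packets to a forwarding list at 10000 with the `out recv any` rule, and handles locally generated output separately. The interface names, networks, policy, and every rule number other than 10000 are constructed sample values.

```shell
#!/bin/sh
# Added example: dry-run generator for an ipfw ruleset split into an input
# list and a shared forwarding list. Interfaces, networks and rule numbers
# other than 10000 are constructed sample values.

IPFW="${IPFW:-echo ipfw}"   # prints the commands; set IPFW=/sbin/ipfw to load them
FWD_BASE=10000              # forwarding list start, the number used in the message

# Constructed "interface:network attached to it" pairs.
NETS="fxp0:192.0.2.0/24 fxp1:198.51.100.0/24 fxp2:203.0.113.0/24"

build_ruleset() {
    # Input list: drop sources that do not belong on the arrival interface.
    n=1000
    for pair in $NETS; do
        $IPFW add $n deny ip from not "${pair#*:}" to any in recv "${pair%%:*}"
        n=$((n + 10))
    done
    $IPFW add 4000 allow ip from any to any in

    # Outbound packets that still have a receive interface are forwarded
    # ones; locally generated packets have none and fall through to 5010.
    $IPFW add 5000 skipto $FWD_BASE ip from any to any out recv any
    $IPFW add 5010 allow ip from any to any out

    # Forwarding list: one rule per ordered (arrival, departure) pair.
    n=$FWD_BASE
    for a in $NETS; do
        for b in $NETS; do
            if [ "$a" != "$b" ]; then
                $IPFW add $n allow ip from "${a#*:}" to "${b#*:}" \
                    out recv "${a%%:*}" xmit "${b%%:*}"
                n=$((n + 10))
            fi
        done
    done
    $IPFW add $((FWD_BASE + 999)) deny ip from any to any
}

build_ruleset
```

Forwarded packets pass the rules twice, once inbound and once outbound, so the anti-spoofing checks apply on arrival and the forwarding list applies on departure.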