Date: Tue, 7 Sep 2010 21:52:23 +0700
From: Victor Sudakov <sudakov@sibptus.tomsk.ru>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw fwd and ipfw allow
Message-ID: <20100907145223.GA55660@admin.sibptus.tomsk.ru>
In-Reply-To: <4C864145.80805@gmx.com>
References: <20100822052550.GA42346@admin.sibptus.tomsk.ru> <20100907090012.GA48608@admin.sibptus.tomsk.ru> <4C8616F0.5010401@gmx.com> <20100907110033.GA51618@admin.sibptus.tomsk.ru> <4C864145.80805@gmx.com>

Nikos Vassiliadis wrote:
> >>>Am I asking something unreasonable?
> >>
> >>Not really, but if you ask, one could say that IPFW is a "first
> >>match wins" firewall, so a fwd or an allow action would be the
> >>terminal one. You must design your rules accordingly.
> >>
> >>There is also the skipto action which can alter the way packets
> >>flow through the rules.
> >>
> >>Could you describe in a concrete example what you're trying to
> >>achieve?
> >
> >I want forwarded packets to create a dynamic "allow" rule.
> >
>
> You can combine fwd and keep-state.

I hope so. I just don't understand how.

> Could you be more specific?

A packet generated locally 1) should be forwarded by a 'fwd' rule and
2) should create a dynamic 'allow' rule for returning traffic.

Could you please suggest a ruleset for this.

--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
sip:sudakov@sibptus.tomsk.ru