From: Gregory Orange
Date: Tue, 25 Aug 2015 10:44:43 +0800
To: freebsd-questions@freebsd.org
Subject: Re: ipfw's "via" rule option/match pattern
Message-ID: <55DBD69B.3000207@calorieking.com>
In-Reply-To: <55DB8CAF.8040608@gmail.com>

On 25/08/15 05:29, andreas scherrer wrote:
>> In freebsd-questions Digest, Vol 585, Issue 3, Message: 9
>> Yes; [4] is clearly wrong in this respect. 'out via' does NOT check the
>> receive interface if the transmit interface is known.
>
> In summary I think it would be reasonable to advise people to *not* use
> "via" in combination with "in" or "out".
>
> "in via $if" => "in recv $if"
> "out via $if" => "out xmit $if"

I am particularly interested to see whether we get some consensus on
this. I am reviewing a number of firewall configurations right at the
moment, and look to you all for a recommendation on this issue.

> Assuming the above is correct and that I wanted to tackle the issue of
> rewriting the ipfw handbook section: how would I do that (i.e. how to
> submit a new version)?

Andreas, it appears from the handbook homepage[1] that one should
contact the freebsd-doc@ list[2]. A quick glance at the archives
suggests to me that changes are backed onto bugzilla[3].

I am certainly grateful for efforts spent maintaining this excellent
handbook. The web is a rich source of helpful content, but having an
official, curated handbook from a single source (albeit many authors) is
even better.

Regards,
Greg.

[1] https://www.freebsd.org/doc/handbook/
[2] https://lists.freebsd.org/mailman/listinfo/freebsd-doc
[3] https://bugs.freebsd.org/bugzilla/
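
Added example, not part of the original message or of the handbook: an sh helper for reviewing rulesets against the rewrite proposed in the quoted text ("in via" to "in recv", "out via" to "out xmit"). The function names and the sample ruleset are constructed for illustration; only the adjacent "in via" / "out via" form shown in the thread is handled, and a bare "via" is left alone.

```shell
#!/bin/sh
# Added example: review helper for ipfw rulesets (hypothetical function names).

# rewrite_via: filter a ruleset on stdin, replacing "in via IF" with
# "in recv IF" and "out via IF" with "out xmit IF". Whole-line comments and
# rules that use "via" without a direction keyword pass through unchanged.
rewrite_via() {
    sed -E \
        -e '/^[[:space:]]*#/!s/(^|[[:space:]])in([[:space:]]+)via([[:space:]]+)/\1in\2recv\3/g' \
        -e '/^[[:space:]]*#/!s/(^|[[:space:]])out([[:space:]]+)via([[:space:]]+)/\1out\2xmit\3/g'
}

# audit_via: print "<line number>: <suggested rule>" for each rule that
# rewrite_via would change, so every change can be reviewed before applying.
audit_via() {
    n=0
    while IFS= read -r rule; do
        n=$((n + 1))
        fixed=$(printf '%s\n' "$rule" | rewrite_via)
        [ "$rule" = "$fixed" ] || printf '%d: %s\n' "$n" "$fixed"
    done
}

# sample_rules: constructed input in the usual "$cmd NNNNN ..." script style.
sample_rules() {
    cat <<'EOF'
# Constructed sample ruleset (not from the thread).
$cmd 00100 allow ip from any to any via lo0
$cmd 00200 allow tcp from any to me 22 in via $pif setup keep-state
$cmd 00300 allow udp from me to any 53 out via $pif keep-state
$cmd 00400 deny ip from any to any in  via em1
# $cmd 00500 allow ip from any to any out via $pif
EOF
}

sample_rules | audit_via
```

To review a real ruleset file, feed it to `audit_via` on stdin first, and use `rewrite_via` only after the suggested lines have been checked.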