From owner-freebsd-questions  Wed Oct  3  7:48:52 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cartman.private.techsupport.co.uk (cabletel1.cableol.net [194.168.3.4])
	by hub.freebsd.org (Postfix) with ESMTP id 51F6A37B406
	for <questions@freebsd.org>; Wed,  3 Oct 2001 07:48:50 -0700 (PDT)
Received: from ceri by cartman.private.techsupport.co.uk with local (Exim 3.31 #1)
	id 15onJw-00077p-00; Wed, 03 Oct 2001 15:48:24 +0100
Date: Wed, 3 Oct 2001 15:48:24 +0100
From: Ceri <ceri@techsupport.co.uk>
To: John Heyer <john@snake.supranet.net>
Cc: questions@freebsd.org
Subject: Re: ipfw question - network traffic to itself?
Message-ID: <20011003154824.A26056@cartman.private.techsupport.co.uk>
References: <20011003092803.A48410-100000@snake.supranet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20011003092803.A48410-100000@snake.supranet.net>; from john@snake.supranet.net on Wed, Oct 03, 2001 at 09:42:29AM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Wed, Oct 03, 2001 at 09:42:29AM -0500, John Heyer said:
> 
> I need an ipfw ruleset that will allow all traffic if it's on the same
> network or going through the same interface, and can't figure out an easy
> way to do this.  Currently I'm just specifying the applicable networks
> by hand:
> 
> $fwcmd add 4000 allow all from 192.168.40.0/24 to 192.168.40.0/24
> $fwcmd add 4000 allow all from 10.1.1.0/24 to 10.1.1.0/24
> $fwcmd add 4000 allow all from 10.10.10.0/24 to 10.10.10.0/24
> 
> But I may need to copy these rules to other machines and would like to
> avoid having to hard code the networks each time.  Are there any
> provisions in ipfw to simply let a network talk to itself?  TIA

I use this :

00100 allow ip from any to any via lo0
00110 allow ip from any to any via dc0

Not sure whether this is right for you, but it's certainly good for me.

Ceri

-- 
We've tried this God stuff long enough.  It's time for a change.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message