Date: Wed, 3 Oct 2001 19:39:59 +0100
From: setantae
To: John Heyer
Cc: questions@freebsd.org
Subject: Re: ipfw question - network traffic to itself?

On Wed, Oct 03, 2001 at 12:20:39PM -0500, John Heyer wrote:
> On Wed, 3 Oct 2001, Ceri wrote:
>
> > On Wed, Oct 03, 2001 at 09:42:29AM -0500, John Heyer said:
> > >
> > > I need an ipfw ruleset that will allow all traffic if it's on the same
> > > network or going through the same interface, and can't figure out an easy
> > > way to do this. Currently I'm just specifying the applicable networks
> > > by hand:
> >
> > I use this :
> >
> > 00100 allow ip from any to any via lo0
> > 00110 allow ip from any to any via dc0
>
> That allows traffic from any network to any network via its interface. I
> only want to allow traffic from the network to itself via its interface.

Traffic via the other interfaces (and hence other networks) is subject to
the many other rules that I didn't include.

As I said, it does the requested job for me; should point the OP in the right
direction, at least.

Ceri

-- 
keep a mild groove on
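
The stricter form asked for in the quoted question (each network allowed only to itself, and only via its own interface), shown as an added example that is not part of either poster's message. The interface dc1, all addresses, the rule numbers and the function names are assumptions; the sample input is constructed in FreeBSD ifconfig layout.

```sh
# Added example (not from the thread): build "network to itself via its own
# interface" ipfw rules from ifconfig-style text, instead of typing each
# network by hand. Rule numbers from 200 upward are an arbitrary assumption.

# net_of ADDR HEXMASK -> "a.b.c.d/len" of the network containing ADDR
net_of() {
    addr=$1; mask=$(($2))
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( ip & mask ))
    len=0; m=$mask
    while [ "$m" -ne 0 ]; do        # prefix length = number of set mask bits
        len=$(( len + (m & 1) )); m=$(( m >> 1 ))
    done
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$len"
}

# same_net_rules: ifconfig-style text on stdin -> one rule per IPv4 address.
# Loopback is skipped; the thread's rule 00100 already covers lo0.
same_net_rules() {
    n=200; iface=
    while read -r w1 w2 w3 w4 rest; do
        case "$w1 $w2" in
            *": flags="*) iface=${w1%:} ;;      # "dc0: flags=..." opens a block
            "inet "*)
                [ "$w3" = netmask ] || continue
                case $iface in lo*) continue ;; esac
                cidr=$(net_of "$w2" "$w4")
                echo "add $n allow ip from $cidr to $cidr via $iface"
                n=$(( n + 10 )) ;;
        esac
    done
}

# Constructed sample in FreeBSD ifconfig layout (addresses are made up).
sample_ifconfig() {
    cat <<'EOF'
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
    media: Ethernet autoselect
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 10.20.30.40 netmask 0xfffffff0 broadcast 10.20.30.47
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    inet 127.0.0.1 netmask 0xff000000
EOF
}

sample_ifconfig | same_net_rules
```

Because each rule pairs the network with `via` its own interface, a packet that claims a dc0 source address but passes through dc1 does not match. Limited broadcast (255.255.255.255) and multicast destinations also fall outside these rules, so services that rely on them need their own entries.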