From owner-freebsd-ipfw  Sat May 11 13:46:37 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by hub.freebsd.org (Postfix) with ESMTP id 1190337B405
	for <freebsd-ipfw@FreeBSD.ORG>; Sat, 11 May 2002 13:46:35 -0700 (PDT)
Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20020511204634.KQSS22408.rwcrmhc53.attbi.com@blossom.cjclark.org>;
          Sat, 11 May 2002 20:46:34 +0000
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.6) id g4BKkXg09267;
	Sat, 11 May 2002 13:46:33 -0700 (PDT)
	(envelope-from cjc)
Date: Sat, 11 May 2002 13:46:33 -0700
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: rick norman <rick.norman@lmco.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw and aliases
Message-ID: <20020511134633.A2824@blossom.cjclark.org>
References: <3CDB2CED.DCC3092F@lmco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3CDB2CED.DCC3092F@lmco.com>; from rick.norman@lmco.com on Thu, May 09, 2002 at 07:14:06PM -0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

On Thu, May 09, 2002 at 07:14:06PM -0700, rick norman wrote:
> Is it possible to write a firewall rule for a router with one interface
> with multiple aliased ip
> addresses that will grab pkts based on the IP_alias they are routed in
> or out on, rather than the src or des address of the pkt.

No, there is no way to do this. The information is simply not
available to the system. There is no way for it to know what IP
address a remote machine might have used to pick its link-layer
address for forwarding the packet.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message