Message-Id: <199807300048.KAA00980@andrew1.lnk.telstra.net>
Date: Thu, 30 Jul 1998 10:48:37 +1000 (EST)
From: Andrew Cagney
Reply-To: cagney@tpgi.com.au
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: docs/7437: IPFW doco unclear about in/out

>Number:         7437
>Category:       docs
>Synopsis:       IPFW doco unclear about in/out
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-doc
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jul 29 17:50:01 PDT 1998
>Last-Modified:
>Originator:     Andrew Cagney
>Organization:
>Release:        FreeBSD 2.2.6-RELEASE i386
>Environment:

IPFW configured into the kernel. Dual homed machine.

>Description:

The documentation on IPFW isn't clear about its behaviour when handling
a packet that is traversing a host acting as a gateway.

>How-To-Repeat:

Look through the IPFW doc for a clear explanation of when/how the
packet filtering rules are applied.

Look through the IPFW doc for a clear explanation of what meta
information is attached to a packet when it is presented to the packet
filter.

>Fix:

The first part is to precisely describe the meta information associated
with an IPFW IP packet. I think it is:

	o	interface(s) (recv, xmit)
	o	direction

as well as the obvious:

	o	IP address
	o	packet type
	o	port address (tcp/udp)
	o	estab
	o	....

The second part is to explain that every packet is put through the IPFW
rules as part of traversing an interface. (I.e. twice for a routed
packet).

If someone wants to work with me I'll make comments (at least) on the
changes.

	Andrew

PS: The doco doesn't need to be an explanation on how to operate a
firewall, rather how this specific firewall is implemented.

>Audit-Trail:
>Unformatted:
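
The two-pass behaviour the report asks to have documented, as an added example that is not part of the original message and is not FreeBSD code. It is a simplified model with first-match-wins rules and only the meta information listed above; the interface names ed0/ed1, the rule numbers and the ruleset are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # "in", "out", or None for either pass
    recv: Optional[str] = None       # interface the packet arrived on
    xmit: Optional[str] = None       # interface the packet will leave on
    dst_port: Optional[int] = None

    def __post_init__(self):
        # ipfw(8): the transmit interface is only known on the output pass,
        # so a rule that tests xmit must also say "out".
        if self.xmit is not None and self.direction != "out":
            raise ValueError("xmit requires direction 'out'")

def check(rules, direction, recv, xmit, dst_port):
    """One pass through the list; the first matching rule decides."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.direction not in (None, direction):
            continue
        if r.recv is not None and r.recv != recv:
            continue
        if r.xmit is not None and r.xmit != xmit:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.number, r.action
    return 65535, "deny"  # modelled default rule: deny everything

def forward(rules, recv_if, xmit_if, dst_port):
    """A routed packet is checked on input, then again on output."""
    passes = [("in", check(rules, "in", recv_if, None, dst_port))]
    if passes[0][1][1] == "allow":
        # Second pass: direction is now "out" and xmit is known.
        passes.append(("out", check(rules, "out", recv_if, xmit_if, dst_port)))
    return passes

# Constructed ruleset for a dual-homed gateway.
RULES = [
    Rule(100, "allow", direction="in", recv="ed0", dst_port=80),
    Rule(200, "deny", direction="out", recv="ed0", xmit="ed1", dst_port=80),
    Rule(300, "allow"),
]
```

Rule 100 accepts the packet on the input pass, yet the same packet is dropped by rule 200 on the output pass. A reader who assumes each packet is filtered only once would miss this.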