Date: Fri, 3 Oct 1997 07:43:54 +1000 From: Stanley.Hopcroft@aipo.gov.au To: security@freebsd.org Subject: recv and xmit options in ipfw, FreeBSD 2.2-RELEASE. Message-ID: <4A256524.007B6E1A.00@notes.aipo.gov.au>
next in thread | raw e-mail | index | archive | help
Dear Ladies and Gentlemen,
I am writing to ask about the "recv" and "xmit" options to ipfw.
These options allow a rule to match packets received from one
interface and transmitted out another and would seem useful for a dual
homed FreeBSD host acting as a packet filtering router.
The options exist because Mr A Cobbs wrote an answer to a question
about their usage to the freebsd-questions mail list.
When I try to use a rule like
%ipfw add 10 pass tcp from any 1023- to 192.168.11.2 21 recv ed0 xmit
ed1
The response from my 2.2-RELEASE system is
4 recv
ipfw: ERROR - Unknown argument
Usage:
ipfw [options]
flush
add [number] rule
delete number
list [number]
show [number]
zero [number]
rule: action proto src dst extras...
action: {allow|deny|reject|count|divert port} [log]
proto: {ip|tcp|udp|icmp|<number>}}
src: from {any|ip[{/bits|:mask}]} [{port|port-port},
[port],...
dst: to {any|ip[{/bits|:mask}]}
[{port|port-port},[port],...]
extras:
fragment
{in|out|inout}
via {ifname|ip}
{established|setup}
tcpflags [!]{syn|fin|rst|ack|psh|urg},...
ipoptions [!]{ssrr|lsrr|rr|ts},...
icmptypes {type},...
proto {ipproto},...
See man ipfw(8) for proper usage.
%
The kernel is configured for ipfw (this host is a packet filter now)
with
options IPFIREWALL
options IPFIREWALL_VERBOSE
Thank you for your response and time.
Yours sincerely,
S Hopcroft
Australian Industrial Property Organisation (AIPO)
better known as Patents Office.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A256524.007B6E1A.00>