Date: Fri, 3 Oct 1997 07:43:54 +1000 From: Stanley.Hopcroft@aipo.gov.au To: security@freebsd.org Subject: recv and xmit options in ipfw, FreeBSD 2.2-RELEASE. Message-ID: <4A256524.007B6E1A.00@notes.aipo.gov.au>
next in thread | raw e-mail | index | archive | help
Dear Ladies and Gentlemen, I am writing to ask about the "recv" and "xmit" options to ipfw. These options allow a rule to match packets received from one interface and transmitted out another and would seem useful for a dual homed FreeBSD host acting as a packet filtering router. The options exist because Mr A Cobbs wrote an answer to a question about their usage to the freebsd-questions mail list. When I try to use a rule like %ipfw add 10 pass tcp from any 1023- to 192.168.11.2 21 recv ed0 xmit ed1 The response from my 2.2-RELEASE system is 4 recv ipfw: ERROR - Unknown argument Usage: ipfw [options] flush add [number] rule delete number list [number] show [number] zero [number] rule: action proto src dst extras... action: {allow|deny|reject|count|divert port} [log] proto: {ip|tcp|udp|icmp|<number>}} src: from {any|ip[{/bits|:mask}]} [{port|port-port}, [port],... dst: to {any|ip[{/bits|:mask}]} [{port|port-port},[port],...] extras: fragment {in|out|inout} via {ifname|ip} {established|setup} tcpflags [!]{syn|fin|rst|ack|psh|urg},... ipoptions [!]{ssrr|lsrr|rr|ts},... icmptypes {type},... proto {ipproto},... See man ipfw(8) for proper usage. % The kernel is configured for ipfw (this host is a packet filter now) with options IPFIREWALL options IPFIREWALL_VERBOSE Thank you for your response and time. Yours sincerely, S Hopcroft Australian Industrial Property Organisation (AIPO) better known as Patents Office.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A256524.007B6E1A.00>