Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 3 Oct 1997 07:43:54 +1000
From:      Stanley.Hopcroft@aipo.gov.au
To:        security@freebsd.org
Subject:   recv and xmit options in ipfw, FreeBSD 2.2-RELEASE.
Message-ID:  <4A256524.007B6E1A.00@notes.aipo.gov.au>

next in thread | raw e-mail | index | archive | help







     Dear Ladies and Gentlemen,

     I am writing to ask about the "recv" and "xmit" options to ipfw.

     These options allow a rule to match packets received from one
     interface and transmitted out another and would seem useful for a dual
     homed FreeBSD host acting as a packet filtering router.

     The options exist because Mr A Cobbs wrote an answer to a question
     about their usage to the freebsd-questions mail list.

     When I try to use a rule like

     %ipfw add 10 pass tcp from any 1023- to 192.168.11.2 21 recv ed0 xmit
     ed1

     The response from my 2.2-RELEASE system is

     4 recv
     ipfw: ERROR - Unknown argument

     Usage:
             ipfw [options]
                     flush
                     add [number] rule
                     delete number
                     list [number]
                     show [number]
                     zero [number]
             rule:   action proto src dst extras...
                     action: {allow|deny|reject|count|divert port} [log]
                     proto: {ip|tcp|udp|icmp|<number>}}
                     src: from {any|ip[{/bits|:mask}]} [{port|port-port},
     [port],...
                     dst: to {any|ip[{/bits|:mask}]}
     [{port|port-port},[port],...]
             extras:
                     fragment
                     {in|out|inout}
                     via {ifname|ip}
                     {established|setup}
                     tcpflags [!]{syn|fin|rst|ack|psh|urg},...
                     ipoptions [!]{ssrr|lsrr|rr|ts},...
                     icmptypes {type},...
                     proto {ipproto},...
     See man ipfw(8) for proper usage.
     %

     The kernel is configured for ipfw (this host is a packet filter now)
     with

     options         IPFIREWALL
     options         IPFIREWALL_VERBOSE

     Thank you for your response and time.

     Yours sincerely,


     S Hopcroft
     Australian Industrial Property Organisation (AIPO)

     better known as Patents Office.









Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A256524.007B6E1A.00>