From: Stanley.Hopcroft@aipo.gov.au
To: security@freebsd.org
Message-ID: <4A256524.007B6E1A.00@notes.aipo.gov.au>
Date: Fri, 3 Oct 1997 07:43:54 +1000
Subject: recv and xmit options in ipfw, FreeBSD 2.2-RELEASE.

Dear Ladies and Gentlemen,

I am writing to ask about the "recv" and "xmit" options to ipfw.

These options allow a rule to match packets received from one interface
and transmitted out another and would seem useful for a dual homed
FreeBSD host acting as a packet filtering router.

The options exist because Mr A Cobbs wrote an answer to a question about
their usage to the freebsd-questions mail list.

When I try to use a rule like

    %ipfw add 10 pass tcp from any 1023- to 192.168.11.2 21 recv ed0 xmit ed1

The response from my 2.2-RELEASE system is

    4 recv
    ipfw: ERROR - Unknown argument
    Usage: ipfw [options]
        flush
        add [number] rule
        delete number
        list [number]
        show [number]
        zero [number]
      rule:  action proto src dst extras...
        action: {allow|deny|reject|count|divert port} [log]
        proto: {ip|tcp|udp|icmp|}}
        src: from {any|ip[{/bits|:mask}]} [{port|port-port}, [port],...
        dst: to {any|ip[{/bits|:mask}]} [{port|port-port},[port],...]
      extras:
        fragment
        {in|out|inout}
        via {ifname|ip}
        {established|setup}
        tcpflags [!]{syn|fin|rst|ack|psh|urg},...
        ipoptions [!]{ssrr|lsrr|rr|ts},...
        icmptypes {type},...
        proto {ipproto},...
    See man ipfw(8) for proper usage.
    %

The kernel is configured for ipfw (this host is a packet filter now) with

    options IPFIREWALL
    options IPFIREWALL_VERBOSE

Thank you for your response and time.

Yours sincerely,

S Hopcroft
Australian Industrial Property Organisation (AIPO)
better known as Patents Office.