Date: Fri, 13 Aug 2004 09:08:17 +0200
From: "Chris Knipe" <savage@savage.za.org>
To: <freebsd-ipfw@freebsd.org>
Subject: Re: ipfw & skipto.... confused a bit...
Message-ID: <000901c48104$4f0b4f10$fb00a8c0@savage.za.org>
References: <E1BvW54-0002Wf-00@hetzner.co.za>

----- Original Message -----
From: "Ian FREISLICH" <if@hetzner.co.za>
To: "Chris Knipe" <savage@savage.za.org>
Cc: <freebsd-ipfw@freebsd.org>
Sent: Friday, August 13, 2004 9:02 AM
Subject: Re: ipfw & skipto.... confused a bit...

> "Chris Knipe" wrote:
> > Hi all,
> >
> > I'm a tad confused with skiptos. I want to use them, because I am
> > automating setup procedures of rather large firewall tables via perl /
> > mysql. From the 65535 available rules, blocks have been reserved for
> > certain types of functions during the firewalling process. As such, I
> > basically use all the available numbers. My last automated block is from
> > 65450 to 65500 :/
> >
> > Let's have a look quickly at a small block so that I can have an example of
> > what I am referring to....
> >
> > #######################################################################
> > #### Transparent Services ###
> > #######################################################################
> > ${fwcmd} add 16000 allow tcp from ${LANIP} to any 25 out via tun1 skipto
> > 16010
>
> I thought that you had to use skipto as the action, not the rule body:
>
> ${fwcmd} add 16000 skipto 16010 tcp from ${LANIP} to any 25 out via tun1

Yes. That is correct. However, that will only skip if the rule matches vs. a
simple allow statement. How do you match a skipto if you are not allowing
traffic, but queueing / denying / forwarding it??

--
Chris.
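
An added example, not part of the original message and not ipfw code: a simplified Python model of ipfw's documented first-match evaluation, showing skipto as a non-terminal action that selects traffic while the terminal action (here fwd) sits at the target rule. Rules 16001 and 16010, the fwd address and the packet fields are constructed for illustration.

```python
# Simplified model of ipfw rule evaluation (constructed example, not ipfw code).
# Rules are tried in ascending number order. "skipto N" is an action of its own:
# it is not terminal, and the search resumes at the first rule numbered >= N.
# allow, deny and fwd end the search.

# (number, action, argument, match criteria): constructed sample ruleset.
RULES = [
    (16000, "skipto", 16010,
     {"proto": "tcp", "src": "LANIP", "dport": 25, "out_if": "tun1"}),
    (16001, "allow", None, {"proto": "tcp", "out_if": "tun1"}),
    (16010, "fwd", "127.0.0.1,25", {"proto": "tcp", "dport": 25}),
    (65535, "deny", None, {}),
]

def matches(criteria, pkt):
    """A rule matches when every field it names equals the packet's value."""
    return all(pkt.get(k) == v for k, v in criteria.items())

def evaluate(rules, pkt):
    """Return (action, argument, rule_number, matched_rules) for a packet."""
    floor = 0          # rules numbered below this are skipped
    matched = []
    for num, action, arg, criteria in sorted(rules, key=lambda r: r[0]):
        if num < floor or not matches(criteria, pkt):
            continue
        matched.append(num)
        if action == "skipto":
            floor = arg   # keep searching from rule `arg` onward
            continue
        return action, arg, num, matched
    raise ValueError("ruleset has no terminal rule for this packet")

if __name__ == "__main__":
    lan_smtp = {"proto": "tcp", "src": "LANIP", "dport": 25, "out_if": "tun1"}
    lan_web = dict(lan_smtp, dport=80)
    other_smtp = {"proto": "tcp", "src": "OTHER", "dport": 25, "out_if": "em0"}
    for name, pkt in [("lan_smtp", lan_smtp), ("lan_web", lan_web),
                      ("other_smtp", other_smtp)]:
        print(name, evaluate(RULES, pkt))
```

In this model the target rule 16010 is also reached by ordinary fall-through (the `other_smtp` packet), so a skipto target block needs match criteria of its own rather than relying on the jump alone.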