Date: Mon, 21 Jun 1999 12:02:30 +0300 (EEST) From: Mark Nalbandyan <mark@fregat.dp.ua> To: freebsd-questions@freebsd.org Subject: IPFW Message-ID: <Pine.BSF.3.96.990621104108.10154A-100000@fregat.dp.ua>
next in thread | raw e-mail | index | archive | help
Hello!
There is a set of questions relating to FreeBSD IPFW.
1. According to ipfw(8), it's possible to specify keywords `in' and 'out'
with `recv'. So, what does the rule `... out recv ed0' mean? Does it
matches the packets been received via ed0 and now are on the way out?
What are the differences between the next rules:
.... from any to any in
and
.... from any to any in recv any
.... from any to any out
and
.... from any to any out xmit any
?
2. I need a rule allowing all transit traffic thru my router and
nothing more. So, I specify:
allow all from any to any out recv any xmit any
but it seems to be wrong. For example, it doesn't match packets
routed on the way ppp2 --> [router] --> ed0.
Q: What is wrong in this rule and how I can do this?
3. Suppose the rules
.... from A to B
and
.... from A to B via C
are logically equivalently. What of them is "faster"?
Does `via C' perform any additional checking or does it
help to bypass some checking?
This is typical when the only network interface exists.
Should anyone specify this interface with each rule to accelerate
processing or should he avoid to do this?
Sincerely yours, Mark.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.990621104108.10154A-100000>