Date: Mon, 21 Jun 1999 12:02:30 +0300 (EEST)
From: Mark Nalbandyan
To: freebsd-questions@freebsd.org
Subject: IPFW

Hello!

There is a set of questions relating to FreeBSD IPFW.

1. According to ipfw(8), it's possible to specify the keywords `in' and `out' with `recv'. So, what does the rule `... out recv ed0' mean? Does it match the packets that have been received via ed0 and are now on the way out? What are the differences between the following rules:

    .... from any to any in
and
    .... from any to any in recv any

    .... from any to any out
and
    .... from any to any out xmit any

?

2. I need a rule allowing all transit traffic through my router and nothing more. So, I specify:

    allow all from any to any out recv any xmit any

but it seems to be wrong. For example, it doesn't match packets routed on the way ppp2 --> [router] --> ed0.

Q: What is wrong with this rule and how can I do this?

3. Suppose the rules

    .... from A to B
and
    .... from A to B via C

are logically equivalent. Which of them is "faster"? Does `via C' perform any additional checking or does it help to bypass some checking? This is typical when only one network interface exists. Should one specify this interface with each rule to accelerate processing, or should one avoid doing this?

Sincerely yours,
Mark.