From owner-freebsd-security  Wed Jul 29 13:54:00 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA26071
          for freebsd-security-outgoing; Wed, 29 Jul 1998 13:54:00 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from whistle.com (s205m131.whistle.com [207.76.205.131])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA25968;
          Wed, 29 Jul 1998 13:53:35 -0700 (PDT)
          (envelope-from archie@whistle.com)
Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id NAA26010; Wed, 29 Jul 1998 13:52:29 -0700 (PDT)
Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3)
	id sma026006; Wed Jul 29 13:52:11 1998
Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id NAA19705; Wed, 29 Jul 1998 13:52:11 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
Message-Id: <199807292052.NAA19705@bubba.whistle.com>
Subject: Re: IPFW rules applied twice?
In-Reply-To: <35BE914A.A946F57D@tpgi.com.au> from Andrew Cagney at "Jul 29, 98 01:04:42 pm"
To: cagney@tpgi.com.au (Andrew Cagney)
Date: Wed, 29 Jul 1998 13:52:11 -0700 (PDT)
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andrew Cagney writes:
> My question: Do the IPFW rules get applied twice?
> 
> 	o	when the packet comes IN on the
> 		ppp0 interface.
> 
> 	o	when the packet goes OUT on the
> 		vx0 interface.
> 
> I think they do (as they should).
> The problem is, I can't find anything in the IPFW documentation
> that confirms this.

Yes, firewall rules are applied as packets enter and as they
leave an interface. That's why you can specify "in" and/or "out"
in the firewall rules.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message