From owner-freebsd-security Wed Jul 29 13:54:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA26071 for freebsd-security-outgoing; Wed, 29 Jul 1998 13:54:00 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA25968; Wed, 29 Jul 1998 13:53:35 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id NAA26010; Wed, 29 Jul 1998 13:52:29 -0700 (PDT) Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma026006; Wed Jul 29 13:52:11 1998 Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id NAA19705; Wed, 29 Jul 1998 13:52:11 -0700 (PDT) From: Archie Cobbs Message-Id: <199807292052.NAA19705@bubba.whistle.com> Subject: Re: IPFW rules applied twice? In-Reply-To: <35BE914A.A946F57D@tpgi.com.au> from Andrew Cagney at "Jul 29, 98 01:04:42 pm" To: cagney@tpgi.com.au (Andrew Cagney) Date: Wed, 29 Jul 1998 13:52:11 -0700 (PDT) Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Andrew Cagney writes: > My question: Do the IPFW rules get applied twice? > > o when the packet comes IN on the > ppp0 interface. > > o when the packet goes OUT on the > vx0 interface. > > I think they do (as they should). > The problem is, I can't find anything in the IPFW documentation > that confirms this. Yes, firewall rules are applied as packets enter and as they leave an interface. That's why you can specify "in" and/or "out" in the firewall rules. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message