From owner-freebsd-ipfw@FreeBSD.ORG Wed Aug 3 08:25:18 2005 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.ORG Delivered-To: freebsd-ipfw@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8BEEC16A41F for ; Wed, 3 Aug 2005 08:25:18 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (lurza.secnetix.de [83.120.8.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id E6F9443D46 for ; Wed, 3 Aug 2005 08:25:17 +0000 (GMT) (envelope-from olli@lurza.secnetix.de) Received: from lurza.secnetix.de (dapatm@localhost [127.0.0.1]) by lurza.secnetix.de (8.13.1/8.13.1) with ESMTP id j738PFr7008845 for ; Wed, 3 Aug 2005 10:25:16 +0200 (CEST) (envelope-from oliver.fromme@secnetix.de) Received: (from olli@localhost) by lurza.secnetix.de (8.13.1/8.13.1/Submit) id j738PFg7008844; Wed, 3 Aug 2005 10:25:15 +0200 (CEST) (envelope-from olli) Date: Wed, 3 Aug 2005 10:25:15 +0200 (CEST) Message-Id: <200508030825.j738PFg7008844@lurza.secnetix.de> From: Oliver Fromme To: freebsd-ipfw@FreeBSD.ORG In-Reply-To: <42EFBCDC.6090900@wm-access.no> X-Newsgroups: list.freebsd-ipfw User-Agent: tin/1.5.4-20000523 ("1959") (UNIX) (FreeBSD/4.11-RELEASE (i386)) MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: Subject: Re: Another bug in IPFW@ ...? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-ipfw@FreeBSD.ORG List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Aug 2005 08:25:18 -0000 Sten Daniel Sørsdal wrote: > Oliver Fromme wrote: > > However, the problem is that the second option is being > > ignored, and I would like to know why, and how to work- > > around the bug. > > Would this work?: > > # ipfw add pass ip from me to $N out xmit xl0 No. It wouldn't check the (non-existing) incoming interface. The "from me" pattern does not check any interfaces. It only checks that the source IP in the packet is one of the locally configured IP addresses. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co KG, Marktplatz 29, 85567 Grafing Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way. "Python tricks" is a tough one, cuz the language is so clean. E.g., C makes an art of confusing pointers with arrays and strings, which leads to lotsa neat pointer tricks; APL mistakes everything for an array, leading to neat one-liners; and Perl confuses everything period, making each line a joyous adventure . -- Tim Peters