From: Thomas Wolf
To: freebsd-ipfw@freebsd.org
Subject: interface check for packets originating from the local host ?
Date: Tue, 25 Jun 2002 23:02:36 +0200

Hi there,

"packets originating from the local host have no receive interface"

but is it possible/planned/nonsense to filter on exactly this condition, something like:

    'allow all from any to any out recv none xmit xxx0' ?

I am experimenting with a ruleset for several interfaces and I try to design the rules on src/dst - interface and this would help to distinguish 'natted' packets from locally generated ones when they are leaving the system.

Thanks in advance
Thomas

PS (slightly OT): Should the punch_fw option in natd also create rules for outgoing passive ftp? It does not (at least on my 4.5 Box) but I wonder if it is my fault, a bug or a feature :-)

PPS: would this be the right list to post my ruleset asking for comments when it is finished?