Date: Sat, 17 Sep 2005 13:18:17 +0200 From: Jeremie Le Hen <jeremie@le-hen.org> To: vladone <vladone@spaingsm.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: in via or in recv Message-ID: <20050917111817.GG51142@obiwan.tataz.chchile.org> In-Reply-To: <1352090989.20050917130747@spaingsm.com> References: <1126236392.20050901000512@spaingsm.com> <200509151332.j8FDWoqd035125@lurza.secnetix.de> <20050916122751.GC51142@obiwan.tataz.chchile.org> <1352090989.20050917130747@spaingsm.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> U speak in this explanation about "outgoing path" or "incoming path". > How i can find when i have an situation or another? > U say: "If the packet is on the outgoing path ....", so need to know > when the packet is on "outgoing path" or "incoming path". How know > that? The incoming path is when the packet just entered the network stack, after being received on the network adapter ; at this time, it has not been routed yet. Conversely, the outgoing path is when the packet has been routed by the network stack, just before giving it to the network adapter. Let's do some ASCII art : +-------------+ | FreeBSD box | +---------------------+ | | | Network | | stack | | | | | | [ROUTING] | | | | | fxp0 ^ v sis0 ...->---#---->---+ +-->-----#---->-... | | |incoming outgoing| | path path | +---------------------+ % ipfw add allow ip from any to any recv fxp0 xmit sis0 This rule will apply on the outgoing path (because of "xmit") and will let through all packets that arrived on fxp0 and then leave through sis0. If you have a third interface, let's say em0, then packets leaving through sis0 but that has come through the latter won't match this rule. I hope this help you to understand. I will make my webpage more precise on this. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050917111817.GG51142>