Date: Wed, 3 Aug 2005 10:30:41 +0200 From: Nicolas Rachinsky <fbsd-div-0@ml.turing-complete.org> To: freebsd-ipfw@FreeBSD.ORG Subject: Re: Another bug in IPFW@ ...? Message-ID: <20050803083040.GB89059@pc5.i.0x5.de> In-Reply-To: <200508030825.j738PFg7008844@lurza.secnetix.de> References: <42EFBCDC.6090900@wm-access.no> <200508030825.j738PFg7008844@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
* Oliver Fromme <olli@lurza.secnetix.de> [2005-08-03 10:25 +0200]: > Sten Daniel Sørsdal <lists@wm-access.no> wrote: > > Oliver Fromme wrote: > > > However, the problem is that the second option is being > > > ignored, and I would like to know why, and how to work- > > > around the bug. > > > > Would this work?: > > > > # ipfw add pass ip from me to $N out xmit xl0 > > No. It wouldn't check the (non-existing) incoming interface. > The "from me" pattern does not check any interfaces. It only > checks that the source IP in the packet is one of the locally > configured IP addresses. ipfw add deny ip from me to any in ipfw add pass ip from me to $N out xmit xl0 But I would like the 'not recv any' feature, too. At the moment I use a static list. Nicolas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050803083040.GB89059>