From owner-freebsd-ipfw@FreeBSD.ORG  Wed Aug  3 09:12:04 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 08DC416A41F
	for <freebsd-ipfw@freebsd.org>; Wed,  3 Aug 2005 09:12:04 +0000 (GMT)
	(envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C375943D49
	for <freebsd-ipfw@freebsd.org>; Wed,  3 Aug 2005 09:12:03 +0000 (GMT)
	(envelope-from rizzo@icir.org)
Received: from xorpc.icir.org (localhost [127.0.0.1])
	by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id j739Br8B080897;
	Wed, 3 Aug 2005 02:11:53 -0700 (PDT)
	(envelope-from rizzo@xorpc.icir.org)
Received: (from rizzo@localhost)
	by xorpc.icir.org (8.12.11/8.12.3/Submit) id j739Bp8U080896;
	Wed, 3 Aug 2005 02:11:51 -0700 (PDT) (envelope-from rizzo)
Date: Wed, 3 Aug 2005 02:11:51 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: AT Matik <asstec@matik.com.br>
Message-ID: <20050803021151.B80694@xorpc.icir.org>
References: <200508021746.j72Hk6Wq006760@lurza.secnetix.de>
	<200508022151.45925.asstec@matik.com.br>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <200508022151.45925.asstec@matik.com.br>;
	from asstec@matik.com.br on Tue, Aug 02, 2005 at 09:51:45PM -0300
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Another bug in IPFW@ ...?
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Aug 2005 09:12:04 -0000

On Tue, Aug 02, 2005 at 09:51:45PM -0300, AT Matik wrote:
...
> even if I agree to your logic aspect in general I thought
> 
> out and xmit is probably exactly the same still especially as you set 
> src-ip and dst-ip so the interface where this packages are xmit is 
> defined by the routes

> 
> localhost normally runs on lo0 which is an interface as any other 
> 
> so which ghost packages you try to catch here?

there are internally generated packets which do not have
a rcvif (which is what really 'recv' means);
and any packet in the input path does not have an output-if
(which is wht really 'xmit' means).

so "out" and "xmit any" are the same thing
(and "in" is "not out" so the same as "not xmit any"), assuming
there is a route for the destination (but otherwise i believe the
packet is dropped before reaching the firewall),

but i cannot find a synonim for "recv any"

cheers
luigi