Date: Wed, 26 Jun 2002 02:05:54 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Achim Patzner <ap@bnc.net> Cc: Thomas Wolf <net@wsf.at>, freebsd-ipfw@FreeBSD.ORG Subject: Re: interface check for packets originating from the local host ? Message-ID: <20020626020554.A34406@iguana.icir.org> In-Reply-To: <EAELLHHODLNIKKPLOLEMAECICKAA.ap@bnc.net>; from ap@bnc.net on Wed, Jun 26, 2002 at 10:08:56AM %2B0200 References: <20020625205854.ZGGS9315.viefep13-int.chello.at@there> <EAELLHHODLNIKKPLOLEMAECICKAA.ap@bnc.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jun 26, 2002 at 10:08:56AM +0200, Achim Patzner wrote: > > "packets originating from the local host have no receive interface" > > but is it possible/planned/nonsense to filter on exactly this > > Nonsense. i beg to differ... it is both possible and planned. > > condition, something like: > > 'allow all from any to any out recv none xmit xxx0' ? > > What's wrong with "allow all from me to [...]"? "me" is an expensive check when you can simply look at the rcvif field in the mbuf header (not to mention che slightly different behaviour in corner cases such as packet coming from divert sockets). cheers luigi > > Achim > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020626020554.A34406>