Date: Mon, 22 Sep 1997 17:51:48 -0300
From: "Mario Sergio Fujikawa Ferreira" <lioux@gns.com.br>
To: <freebsd-questions@freebsd.org>
Cc: "Raul Xavier" <raulxn@linf.unb.br>, "Carlos Tada" <tada@linf.unb.br>
Subject: IPFW recv and xmit
Message-ID: <199709222048.RAA28707@srv1-bsb.gns.com.br>
I would like some clarification on ipfw. I am used to writing normal rules. However, I am trying to write rules that use both recv and xmit. I know how ipfw builds the rules priority: from 1 to 65535, in order. However, I would like to know how it handles packets. Here is a hypothetical example.

Internet <-vx0 (164.40.40.26)-> Firewall <-vx1 (164.40.41.1)-> Net (164.40.41.0/25)

How does it handle a packet from 164.40.38.1 to 164.40.41.6? Does it check it when it goes in vx0? Another when out vx0? In vx1? Out vx1? Or not? All the above?

Let's say I want a machine 164.40.41.2 to only accept smtp connections from the internet, just for example. Are these correct? I am having trouble understanding the semantics when writing rules with recv and xmit.

ipfw add reject tcp from 164.40.41.0/24 to any in recv vx0 (later - 1)
ipfw add allow tcp from any 1024-65535 to 164.40.41.2/32 25 out recv vx1 xmit vx0 setup
ipfw add allow tcp from any 1024-65535 to 164.40.41.2/32 25 out recv vx1 xmit vx0 setup
ipfw add allow tcp from 164.40.41.2/32 25 to any 1024-65535 out recv vx0 xmit vx1 established

I know these are not working. Should I add these rules on the (later -1) label?

ipfw add allow from any to 164.40.41.0/24 in recv vx0
ipfw add allow from 164.40.41.0/24 to any in recv vx1

I would like to keep the recv/xmit rules. What mistakes am I making?

Regards,
Mario Ferreira

ps: Please cc answers to me in private.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199709222048.RAA28707>
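An added illustration, not from the mail above and not ipfw's own code: a small Python model of the two checks ipfw applies to a forwarded packet (an input pass knowing only the receiving interface, then an output pass knowing both recv and xmit), run over the mail's topology with a constructed SMTP connection attempt from the Internet. It assumes ipfw's default of denying what no rule matches, and shows that the Internet-to-LAN packet reaches the output pass as recv vx0 xmit vx1, and only after an "in recv vx0" rule has allowed it on the input pass; the functions rule, matches, first_match, egress and forward are this example's own names.

```python
import ipaddress

def in_net(addr, spec):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def in_ports(port, spec):
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule(action, src, sport, dst, dport, direction=None, recv=None, xmit=None, setup=False):
    # One ipfw rule reduced to the fields used in the mail; None means "not checked".
    return dict(action=action, src=src, sport=sport, dst=dst, dport=dport,
                direction=direction, recv=recv, xmit=xmit, setup=setup)

def matches(r, pkt, direction, recv, xmit):
    # On the input pass the outgoing interface is not known yet (xmit is None),
    # so a rule that names an xmit interface can only match on the output pass.
    for key, val in (("direction", direction), ("recv", recv), ("xmit", xmit)):
        if r[key] and r[key] != val:
            return False
    if r["setup"] and not pkt["setup"]:
        return False
    return (in_net(pkt["src"], r["src"]) and in_ports(pkt["sport"], r["sport"])
            and in_net(pkt["dst"], r["dst"]) and in_ports(pkt["dport"], r["dport"]))

def first_match(rules, pkt, direction, recv, xmit):
    # Rules are tried in order; no match falls through to the assumed default deny.
    for i, r in enumerate(rules):
        if matches(r, pkt, direction, recv, xmit):
            return i, r["action"]
    return None, "deny"

def egress(dst):
    # Routing of the mail's topology: the /25 is behind vx1, everything else leaves via vx0.
    return "vx1" if in_net(dst, "164.40.41.0/25") else "vx0"

def forward(rules, pkt, ingress):
    # A forwarded packet is checked twice: "in" on arrival, "out" on departure.
    in_hit = first_match(rules, pkt, "in", ingress, None)
    if in_hit[1] != "allow":
        return "in", in_hit
    return "out", first_match(rules, pkt, "out", ingress, egress(pkt["dst"]))

# Constructed sample: SMTP connection attempt (SYN only) from the Internet to 164.40.41.2.
SMTP_SYN = dict(src="164.40.38.1", sport=1234, dst="164.40.41.2", dport=25, setup=True)
ALLOW_IN_VX0 = rule("allow", "any", "any", "164.40.41.0/24", "any", direction="in", recv="vx0")
# The mail's allow rule as posted (recv vx1 xmit vx0) and the same rule written in the
# order the packet actually traverses the interfaces (received on vx0, transmitted on vx1).
AS_POSTED = rule("allow", "any", "1024-65535", "164.40.41.2/32", "25", "out", recv="vx1", xmit="vx0", setup=True)
ON_PATH = rule("allow", "any", "1024-65535", "164.40.41.2/32", "25", "out", recv="vx0", xmit="vx1", setup=True)
```

Calling forward([AS_POSTED], SMTP_SYN, "vx0") stops at the input pass with no match, forward([ALLOW_IN_VX0, AS_POSTED], SMTP_SYN, "vx0") reaches the output pass but still finds no match, and forward([ALLOW_IN_VX0, ON_PATH], SMTP_SYN, "vx0") allows the packet on the output pass.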