Date: Tue, 21 Jan 1997 12:41:34 -0800 (PST)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: questions@freebsd.org
Subject: ipfw questions
Message-ID: <Pine.BSF.3.95.970121122733.3126A-100000@harlie>

I'm finally starting to play around with more complex firewalling using ipfw, and I'm not sure I understand the implications of via. I'm getting the impression that if machine A sends a packet to machine C through firewall B, that the packet will be matched twice, once on its way in to the firewall, and once on its way out, though it can be the same rule. Is this correct?

I guess what I'm asking is, in a multihomed firewall, does the rule

    /sbin/ipfw add 1000 pass all from any to any via ed0 in

mean that any packet going in via ed0 will be accepted and sent back out provided not blocked by a previous rule? Or would I need a corresponding rule that matches the packet on its way out? I'm not referring to a packet and response, but to a packet that should be forwarded by the firewall.

Unfortunately, I only have our production equipment to play with, otherwise I would determine this myself through experimentation.