Date: Fri, 9 Mar 2001 20:22:04 -0600 From: Bill Fumerola <billf@mu.org> To: Patrick Bihan-Faou <patrick@netzuno.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: interface specification extension for ipfw Message-ID: <20010309202204.Y31752@elvis.mu.org> In-Reply-To: <HJEEKLMFLKEOKHOKNPBMKEMNCLAA.patrick@netzuno.com>; from patrick@netzuno.com on Fri, Mar 09, 2001 at 07:25:49PM -0500 References: <HJEEKLMFLKEOKHOKNPBMKEMNCLAA.patrick@netzuno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Mar 09, 2001 at 07:25:49PM -0500, Patrick Bihan-Faou wrote:
> I am currently building a firewall using ipfw, and I am facing a small
> issue. In order to group my rules in some meaningfull way (to me), the first
> thing I do is split the packets per interface. Depending on the recv
> interface, I go to a different region of the ruleset using "skipto".
> Now, according to the ipfw man page, packets generated by or destined to the
> local host will not have recv or xmit interface information respectively.
I'm working on interface specific ipfw lists already. Once I can get a -current
kernel that doesn't lock my test box solid after being booted for 5 minutes
maybe I'll even be able to continue work.
--
Bill Fumerola - security yahoo / Yahoo! inc.
- fumerola@yahoo-inc.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010309202204.Y31752>