From owner-freebsd-ipfw  Fri Nov  2 11:45:21 2001
Delivered-To: freebsd-ipfw@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
	by hub.freebsd.org (Postfix) with ESMTP id 6829F37B408
	for <ipfw@freebsd.org>; Fri,  2 Nov 2001 11:45:18 -0800 (PST)
Received: from dialup-209.247.136.94.dial1.sanjose1.level3.net ([209.247.136.94] helo=blossom.cjclark.org)
	by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 15zkFh-0000X8-00; Fri, 02 Nov 2001 11:45:17 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id fA2JiqQ09309;
	Fri, 2 Nov 2001 11:44:52 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 2 Nov 2001 11:44:52 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: John Massier <j_massier@hotmail.com>
Cc: ipfw@FreeBSD.ORG
Subject: Re: IN/OUT
Message-ID: <20011102114452.M4360@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <F11RnMbzrlRK8Nn97Yr000199b1@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.2.5i
In-Reply-To: <F11RnMbzrlRK8Nn97Yr000199b1@hotmail.com>; from j_massier@hotmail.com on Fri, Nov 02, 2001 at 05:44:42PM +0100
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ipfw.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ipfw>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ipfw>
X-Loop: FreeBSD.ORG

On Fri, Nov 02, 2001 at 05:44:42PM +0100, John Massier wrote:
> Hi, I´m a newbie in IPFW and i´m a bit confused with something.
> 
> I can´t see the difference when you add a new rule between using <from 
> source to destination> to imply the way of the packet and using in/out.
> 
> What´s the real use of in/out?? Does this way imply direction?? Or in/out 
> are only used for specify interfaces??

In a typical firewall when a packet passes through we have a situation
like,

  wire ----> firewall ----> wire
        in            out

Where "in" and "out" are marked appropriately. Note that I have _not_
specified internal or external interfaces of the firewall. Generally,
"in" indicates the packet has just been received by the machine from
the network, and "out" means that the packet is about to be put out
onto the wire.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message