From: "Jack L. Stone"
Date: Mon, 06 Jan 2003 11:31:21 -0600
To: Jonathan Belson, Ceri Davies
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: [Q] ipfw and 'me'

At 05:23 PM 1.6.2003 +0000, Jonathan Belson wrote:
>Ceri Davies wrote:
>> On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:
>>
>>>I've just been looking into the 'me' option for ipfw:
>>>
>>>me      matches any IP address configured on an interface in the
>>>        system.  The address list is evaluated at the time the
>>>        packet is analysed.
>>>
>>>Since the machine is a gateway, it has two network cards.  Will
>>>'me' match *both* IP addresses or just the first one it comes
>>>across?  I only really want it to match the IP address of the
>>>external interface, not the internal one.
>>
>> Both, I'm afraid.
>
>Hmm, I suppose since tests for IP spoofing through the external
>interface have already been carried out by that point, it isn't
>that much of a problem.
>
>Does the fancy-pants new IPFW2 allow more control for 'me'?
>
>
>--Jon
>

The best way to do this is to use "awk" to determine and set a variable for
the external IP every time it changes and then refer to that variable in
your rules.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
jackstone@sage-one.net
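
The approach suggested in the reply above, as an added example that is not part of the original message: awk pulls the external interface's IPv4 address out of ifconfig output, and the rules name that address instead of 'me', so the internal interface's address is not matched. The interface name xl0, the addresses, the rule numbers, the state file and the function names are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): pin rules to the external address, not 'me'.
# Interface name, addresses, rule numbers and the state file are assumptions.

# Constructed sample of FreeBSD `ifconfig xl0` output (documentation address range).
SAMPLE_IFCONFIG='xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
        inet6 fe80::201:2ff:fe03:405%xl0 prefixlen 64 scopeid 0x1
        ether 00:01:02:03:04:05'

# Read ifconfig output on stdin and print the first IPv4 address.
# Fails when there is none (no lease yet) or it is not a dotted quad,
# so rules are never built around an empty or garbage address.
ext_ip() {
    awk '$1 == "inet" { ip = $2; exit }
         END { if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) exit 1; print ip }'
}

# Succeed only when address $1 differs from the one recorded in file $2,
# and record the new one.
ip_changed() {
    [ -f "$2" ] && [ "$(cat "$2")" = "$1" ] && return 1
    printf '%s\n' "$1" > "$2"
}

# Print (rather than run) rules naming the external address explicitly.
# $1 = external interface, $2 = its address.
gen_rules() {
    oif=$1 oip=$2
    echo "ipfw add 1000 allow tcp from any to ${oip} 22 in via ${oif} setup"
    echo "ipfw add 1100 deny log ip from any to ${oip} in via ${oif}"
}

# Dry run on the sample. On the gateway: oip=$(ifconfig "$oif" | ext_ip)
oif=xl0
state=$(mktemp)    # stand-in for a persistent state file
if oip=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ext_ip); then
    if ip_changed "$oip" "$state"; then gen_rules "$oif" "$oip"; fi
else
    echo "no IPv4 address on $oif; leaving existing rules in place" >&2
fi
rm -f "$state"
```

Run from cron or a DHCP client hook, the script emits new rules only when the address has actually changed, and emits nothing when the interface has no address.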