Date: Fri, 27 Dec 2002 15:20:07 -0800 (PST) From: Manuel Kasper <mk@neon1.net> To: freebsd-bugs@FreeBSD.org Subject: Re: kern/46564: IPFilter and IPFW processing order is not sensible Message-ID: <200212272320.gBRNK7VV081985@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/46564; it has been noted by GNATS. From: Manuel Kasper <mk@neon1.net> To: <freebsd-gnats-submit@FreeBSD.org>, <mk@neon1.net> Cc: Subject: Re: kern/46564: IPFilter and IPFW processing order is not sensible Date: Sat, 28 Dec 2002 00:13:03 +0100 SORRY, I confused the ordering - the description is wrong! Actually, at the moment, ipfilter is always checked BEFORE ipfw for both incoming and outgoing packets, so the order really is: incoming: -> ipnat -> ipfilter -> ipfw outgoing: -> ipfilter -> ipnat -> ipfw The problem is still the same (outgoing packets are seen with a public source IP address, incoming packets will have a private/internal destination address when used with ipnat), and the fix is correct. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212272320.gBRNK7VV081985>