Date:      Sat, 19 Feb 2000 12:17:43 +0200
From:      Ruslan Ermilov <ru@ucb.crimea.ua>
Cc:        William Wong <willwong@anime.ca>, freebsd-questions@FreeBSD.ORG
Subject:   Re: ipfw and natd
Message-ID:  <20000219121743.B96238@relay.ucb.crimea.ua>
In-Reply-To: <20000218150000.D4423@hades.hell.gr>; from Giorgos Keramidas on Fri, Feb 18, 2000 at 03:00:00PM +0200
References:  <006601bf7779$59342140$0300a8c0@anime.ca> <20000218150000.D4423@hades.hell.gr>

On Fri, Feb 18, 2000 at 03:00:00PM +0200, Giorgos Keramidas wrote:
> On Tue, Feb 15, 2000 at 12:56:05AM -0500, William Wong wrote:
> > 
> > A curiosity question.
> > 
> > Though I think it doesn't make much difference I think in the end...
> > 
> > Should ipfw "deny/allow" rules be set before or after the "divert to
> > natd" rule?
> >
> > I've been using the latter and everything seems to work right.
> 
> Ipfw will use the action of the *first* matching rule.
> 
Except the `tee', `count', and `skipto' rules, of course.
This is all described in the ipfw(8) manpage.

> A rule like:
> 
> 	deny ip from any to any
> 
> will match with any IP datagram.  Having the rules:
> 
> 	deny ip from any to any
> 	allow tcp from any to $myaddr 25
> 
> will make the second rule pretty much redundant, since ALL tcp packets
> will match with the first rule too and be dropped.
> 
> -- 
> Giorgos Keramidas, < keramida @ ceid . upatras . gr >
> For my public PGP key: finger keramida@diogenis.ceid.upatras.gr
> PGP fingerprint, phone and address in the headers of this message.
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

-- 
Ruslan Ermilov		Sysadmin and DBA of the
ru@ucb.crimea.ua	United Commercial Bank,
ru@FreeBSD.org		FreeBSD committer,
+380.652.247.647	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age
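
An added example, not part of the original message and not ipfw code: a toy Python model of the rule search discussed in this thread, showing that the first terminal match decides the packet while `count` and `skipto` let the search continue. The rule tuples, the sample packets and the deny default at rule 65535 are assumptions made for the illustration; `tee` and `divert` are not modelled.

```python
# Toy model of an ipfw-style rule search (illustration only, not ipfw itself).
# Rule = (number, action, proto, dst_port, arg); None matches anything.
RULES_SHADOWED = [
    (100, "deny", None, None, None),     # deny ip from any to any
    (200, "allow", "tcp", 25, None),     # allow tcp from any to $myaddr 25
]
RULES_ORDERED = [
    (100, "count", None, None, None),    # count: bump counters, keep searching
    (200, "skipto", "udp", None, 500),   # skipto: resume at first rule >= 500
    (300, "allow", "tcp", 25, None),
    (500, "deny", None, None, None),
]
# Constructed sample packets.
SMTP = {"proto": "tcp", "dport": 25}
DNS = {"proto": "udp", "dport": 53}

def matches(rule, pkt):
    _, _, proto, port, _ = rule
    return (proto is None or proto == pkt["proto"]) and \
           (port is None or port == pkt["dport"])

def evaluate(rules, pkt):
    """Return (verdict, deciding rule number, non-terminal rules hit on the way)."""
    trace, floor = [], 0
    for rule in sorted(rules, key=lambda r: r[0]):
        num, action, _, _, arg = rule
        if num < floor or not matches(rule, pkt):
            continue
        if action == "count":
            trace.append(num)            # non-terminal: search continues
        elif action == "skipto":
            trace.append(num)
            floor = arg                  # skip rules numbered below arg
        else:
            return action, num, trace    # first terminal match wins
    return "deny", 65535, trace          # assumed default rule: deny

def never_hit(rules, probes):
    """Rule numbers no probe packet reaches (probe-based check, not a proof)."""
    hit = set()
    for pkt in probes:
        _, num, trace = evaluate(rules, pkt)
        hit.update(trace + [num])
    return [r[0] for r in rules if r[0] not in hit]

if __name__ == "__main__":
    for name, rules in (("shadowed", RULES_SHADOWED), ("ordered", RULES_ORDERED)):
        print(name, evaluate(rules, SMTP), evaluate(rules, DNS),
              "never hit:", never_hit(rules, [SMTP, DNS]))
```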

