Message-ID: <35BE914A.A946F57D@tpgi.com.au>
Date: Wed, 29 Jul 1998 13:04:42 +1000
From: Andrew Cagney
To: freebsd-questions@FreeBSD.ORG
CC: freebsd-security@FreeBSD.ORG, cagney@tpgi.com.au
Subject: IPFW rules applied twice?

Hello,

Given a network arrangement physically wired as:

    FIREWALL <-ppp0-internet-...
             <-vx0-ethernet-vx0-> LOCALMC

(for want of a better notation).

Then a packet from the internet destined for LOCALMC takes the path:

    INTERNET -> ppp0 interface -> FIREWALL route tables
             -> vx0 interface -> ethernet -> vx0/LOCALMC

My question: Do the IPFW rules get applied twice?

    o when the packet comes IN on the ppp0 interface.
    o when the packet goes OUT on the vx0 interface.

I think they do (as they should). The problem is, I can't find anything in the IPFW documentation that confirms this.

Can someone confirm that this firewall is `normal'? :-)

Did I miss something in the doco? If I didn't, should something be added?

enjoy,
Andrew