From: nisse@hubsch.org
Date: Wed, 7 May 2003 20:41:33 +0200 (CEST)
To: freebsd-net@freebsd.org
Subject: ipfw2: Detecting packets without incoming interface
Message-ID: <20030507203714.E41411-100000@snaps.home>

In ipfw1 I could use "recv any" to indicate that a packet originated on a
remote host. To, for example, prevent tcp traffic from being forwarded through
the host but still allow traffic to/from the host on all interfaces, it was
possible to say

    ipfw add deny tcp from any to any out recv any
    ipfw add allow tcp from any to any

How do I do this with ipfw2? I want to detect locally generated packets.
netinet/ip_fw2.c doesn't seem to handle the "any" case and ipfw2.c has the
following code:

    /* Parse the interface or address */
    if (!strcmp(arg, "any"))
        cmd->o.len = 0; /* effectively ignore this command */

--
Mikael Hubsch
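
The following is an added example, not part of the original message and not FreeBSD source. It models the two rules above under first-match evaluation to show what changes if "recv any" is dropped from the rule, as the quoted ipfw2.c comment says. The types, function names and the interface name "if0" are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model for illustration; none of these types are FreeBSD source. */
struct pkt { bool out; const char *rcvif; };   /* rcvif == NULL: locally generated */
enum recv_test { RECV_NONE, RECV_ANY };        /* RECV_NONE: rule carries no recv test */
struct rule { bool deny; bool only_out; enum recv_test recv; };

/* keep_any = true: "recv any" stays in the rule (ipfw1 behaviour per the post).
 * keep_any = false: "any" compiles to a zero-length option, i.e. it is dropped,
 * as the quoted ipfw2.c comment says. Only "any" is modelled. */
static enum recv_test compile_recv(const char *arg, bool keep_any)
{
    return (strcmp(arg, "any") == 0 && keep_any) ? RECV_ANY : RECV_NONE;
}

static bool rule_matches(const struct rule *r, const struct pkt *p)
{
    if (r->only_out && !p->out)
        return false;
    if (r->recv == RECV_ANY && p->rcvif == NULL)
        return false;                          /* no receive interface: local packet */
    return true;
}

/* First-match evaluation of the two rules from the post; true = packet allowed. */
static bool ruleset_allows(const struct pkt *p, bool keep_any)
{
    const struct rule rules[] = {
        { true,  true,  compile_recv("any", keep_any) }, /* deny tcp ... out recv any */
        { false, false, RECV_NONE },                     /* allow tcp from any to any */
    };
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        if (rule_matches(&rules[i], p))
            return !rules[i].deny;
    return false;                              /* assumed default; not reached here */
}

int main(void)
{
    const struct pkt forwarded = { true, "if0" };  /* constructed sample packets */
    const struct pkt local_out = { true, NULL };
    printf("recv any kept:    forwarded=%d local=%d\n",
           ruleset_allows(&forwarded, true), ruleset_allows(&local_out, true));
    printf("recv any dropped: forwarded=%d local=%d\n",
           ruleset_allows(&forwarded, false), ruleset_allows(&local_out, false));
    return 0;
}
```

In this model, dropping the option turns the first rule into a plain "deny tcp from any to any out", so the host's own outbound TCP is denied along with forwarded traffic.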