Date: Wed, 3 Aug 2005 02:11:51 -0700
From: Luigi Rizzo <rizzo@icir.org>
To: AT Matik <asstec@matik.com.br>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Another bug in IPFW@ ...?
Message-ID: <20050803021151.B80694@xorpc.icir.org>
In-Reply-To: <200508022151.45925.asstec@matik.com.br>; from asstec@matik.com.br on Tue, Aug 02, 2005 at 09:51:45PM -0300
References: <200508021746.j72Hk6Wq006760@lurza.secnetix.de> <200508022151.45925.asstec@matik.com.br>
On Tue, Aug 02, 2005 at 09:51:45PM -0300, AT Matik wrote:
...
> even if I agree to your logic aspect in general I thought
>
> out and xmit is probably exactly the same still especially as you set
> src-ip and dst-ip so the interface where this packages are xmit is
> defined by the routes
>
> localhost normally runs on lo0 which is an interface as any other
>
> so which ghost packages you try to catch here?

there are internally generated packets which do not have a rcvif
(which is what really 'recv' means); and any packet in the input path
does not have an output-if (which is what really 'xmit' means).

so "out" and "xmit any" are the same thing (and "in" is "not out" so
the same as "not xmit any"), assuming there is a route for the
destination (but otherwise i believe the packet is dropped before
reaching the firewall), but i cannot find a synonym for "recv any"

cheers
luigi
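
A simplified model of the matching described in the message above, added here as an example; it is not part of the original e-mail and is not ipfw's code. The names Pkt, CASES, OPTIONS and determined_by and the interface names are constructed for illustration, and the model assumes every outgoing packet has a route.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Pkt:
    label: str
    direction: str         # which pass the firewall sees: "in" or "out"
    rcvif: Optional[str]   # receive interface; None for locally generated packets
    oif: Optional[str]     # output interface; only known on the output pass

# Constructed cases covering each origin/pass combination from the message.
CASES: List[Pkt] = [
    Pkt("received from the wire, input pass", "in", "em0", None),
    Pkt("looped back via lo0, input pass", "in", "lo0", None),
    Pkt("forwarded, output pass", "out", "em0", "em1"),
    Pkt("locally generated, output pass", "out", None, "em1"),
    Pkt("locally generated to localhost, output pass", "out", None, "lo0"),
]

# Rule options modelled as predicates over a packet.
OPTIONS = {
    "in": lambda p: p.direction == "in",
    "out": lambda p: p.direction == "out",
    "recv any": lambda p: p.rcvif is not None,
    "xmit any": lambda p: p.oif is not None,
}

def truth_table(cases: List[Pkt]) -> Dict[str, Dict[str, bool]]:
    """Evaluate every option against every packet case."""
    return {p.label: {name: f(p) for name, f in OPTIONS.items()} for p in cases}

def determined_by(target: str, basis: List[str], cases: List[Pkt]) -> bool:
    """True if the target option is a function of the basis options, i.e.
    some combination of the basis options could act as a synonym for it."""
    seen: Dict[Tuple[bool, ...], bool] = {}
    for p in cases:
        key = tuple(OPTIONS[b](p) for b in basis)
        val = OPTIONS[target](p)
        if seen.setdefault(key, val) != val:
            return False   # same basis values, different target value
    return True

if __name__ == "__main__":
    for label, row in truth_table(CASES).items():
        print(f"{label:45s} {row}")
    print("xmit any determined by out:", determined_by("xmit any", ["out"], CASES))
    print("recv any determined by in/out/xmit any:",
          determined_by("recv any", ["in", "out", "xmit any"], CASES))
```

On the output pass, forwarded and locally generated packets agree on "in", "out" and "xmit any" but differ on "recv any", which is why no combination of the other three can stand in for it.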
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050803021151.B80694>