Date: Wed, 3 Aug 2005 07:56:40 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Subject: Re: Another bug in IPFW@ ...? Message-ID: <200508030756.41257.asstec@matik.com.br> In-Reply-To: <200508030919.j739JPAL010571@lurza.secnetix.de> References: <200508030919.j739JPAL010571@lurza.secnetix.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 03 August 2005 06:19, Oliver Fromme wrote: > > > out and xmit is probably exactly the same > > No, it's not. "out" just says that this rule matches only > outgoing packets. It doesn't specify anything about inter- > faces or addresses. > packages catched by xmit IF are catched with out as well "xmit any" probably is another expression for "out" I do not see your point here > > still especially as you set > > src-ip and dst-ip so the interface where this packages are xmit > > is defined by the routes > > src-ip and dst-ip can be both faked and need not have good, then you do not catch them anyway by src|dst[-ip] unless you deny all but the src-ip you want to pass and a fake dst-ip don't know who would do that but certainly an interesting idea ... Hans A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508030756.41257.asstec>