Date: Tue, 14 May 2002 11:38:20 -0700 From: rick norman <rick.norman@lmco.com> To: "Crist J. Clark" <cjc@FreeBSD.ORG> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw and aliases Message-ID: <3CE1599C.42071126@lmco.com> References: <3CDB2CED.DCC3092F@lmco.com> <20020511134633.A2824@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is true for the inbound path, however for the outbound path the info is available. It should be possible to have a qualifier that recognizes the alias's independantly from the interface. Rick "Crist J. Clark" wrote: > On Thu, May 09, 2002 at 07:14:06PM -0700, rick norman wrote: > > Is it possible to write a firewall rule for a router with one interface > > with multiple aliased ip > > addresses that will grab pkts based on the IP_alias they are routed in > > or out on, rather than the src or des address of the pkt. > > No, there is no way to do this. The information is simply not > available to the system. There is no way for it to know what IP > address a remote machine might have used to pick its link-layer > address for forwarding the packet. > -- > Crist J. Clark | cjclark@alum.mit.edu > | cjclark@jhu.edu > http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CE1599C.42071126>