I have four ideia for IPFW2
Luigi Rizzo
rizzo at icir.org
Wed Jul 9 18:51:59 PDT 2003
On Thu, Jul 10, 2003 at 09:43:55AM +1000, Gregory Bond wrote:
> > My idea is an keyword specific for each interface.
> > Sample:
> > ipfw add allow ip from any to me_xl0 via xl0
>
> This is easy to do with a little bit of shell hacking in rc.firewall
> me_xl0=`ifconfig xl0 | awk '/inet /{ print $2;}'`
actually not. "me" is evaluated at runtime so if the interface
address changes your awk hack will fail.
This said, "... to me_xl0 via xl0 " (where btw i do not understand
the 'via' part as it will only make sense as 'in recv xl0') seems
to break in case you are multihomed because it would require people
to use a different address to talk to you according to which side
they are...
cheers
luigi
More information about the freebsd-ipfw
mailing list