Another bug in IPFW@ ...?
AT Matik
asstec at matik.com.br
Wed Aug 3 00:51:57 GMT 2005
On Tuesday 02 August 2005 14:46, Oliver Fromme wrote:
> > P.S. looks very strange "out not recv any xmit"
>
> It's perfectly valid syntax according to ipfw(8).
(1+1-1)/1 also ... ;)
>
> 1. "out" --> match only outgoing packets.
>
> 2. "not recv any" --> match packets that haven't been
> received through any interface (i.e. which originate
> from the local host). It's simply a negation of
> "recv any", see the ipfw(8) manpage.
>
> 3. "xmit dc0" --> match packets which are going to be
> transmitted through the dc0 interface.
>
Even if I agree with your logic in general, I thought
out and xmit are probably exactly the same still, especially as you set
src-ip and dst-ip, so the interface where these packages are xmit is
defined by the routes.
localhost normally runs on lo0, which is an interface like any other,
so which ghost packages are you trying to catch here?
Probably this rule you are trying is a deny-all rule, since any package is
being received by some IF before it can go out or xmit.
Hans
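
The option string discussed in this thread, evaluated against a few packets as an added example (not part of the original message and not ipfw code). It is a small Python model of the ipfw(8) rule that a packet originating on the local host has no receive interface; the `Packet` type, the `matches` function, the interface name fxp0 and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    direction: str           # "in" or "out", as seen by the firewall
    recv_if: Optional[str]   # None: packet originated on the local host
    xmit_if: Optional[str]   # None: no transmit interface (inbound path)


def _if_match(actual: Optional[str], wanted: str) -> bool:
    # "any" matches only if the packet has such an interface at all.
    return actual is not None and wanted in ("any", actual)


def matches(options: str, pkt: Packet) -> bool:
    """Evaluate a subset of ipfw options: in, out, recv, xmit, not."""
    tokens = options.split()
    i = 0
    while i < len(tokens):
        negate = tokens[i] == "not"
        if negate:
            i += 1
        opt = tokens[i]
        if opt in ("in", "out"):
            hit = pkt.direction == opt
            i += 1
        elif opt == "recv":
            hit = _if_match(pkt.recv_if, tokens[i + 1])
            i += 2
        elif opt == "xmit":
            # xmit can only be tested on outgoing packets
            hit = pkt.direction == "out" and _if_match(pkt.xmit_if, tokens[i + 1])
            i += 2
        else:
            raise ValueError(f"unsupported option: {opt}")
        if hit == negate:      # every option must hold after negation
            return False
    return True


RULE = "out not recv any xmit dc0"
# Constructed sample packets
local_out = Packet("out", None, "dc0")      # generated by the host itself
forwarded = Packet("out", "fxp0", "dc0")    # routed through the host
inbound = Packet("in", "dc0", None)         # arriving on dc0
loopback = Packet("out", None, "lo0")       # local traffic leaving via lo0
```

In this model `out xmit dc0` alone matches both `local_out` and `forwarded`; adding `not recv any` leaves only `local_out`.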