Another bug in IPFW@ ...?
Nicolas Rachinsky
fbsd-div-0 at ml.turing-complete.org
Wed Aug 3 08:30:45 GMT 2005
* Oliver Fromme <olli at lurza.secnetix.de> [2005-08-03 10:25 +0200]:
> Sten Daniel Sørsdal <lists at wm-access.no> wrote:
> > Oliver Fromme wrote:
> > > However, the problem is that the second option is being
> > > ignored, and I would like to know why, and how to work-
> > > around the bug.
> >
> > Would this work?:
> >
> > # ipfw add pass ip from me to $N out xmit xl0
>
> No. It wouldn't check the (non-existing) incoming interface.
> The "from me" pattern does not check any interfaces. It only
> checks that the source IP in the packet is one of the locally
> configured IP addresses.
ipfw add deny ip from me to any in
ipfw add pass ip from me to $N out xmit xl0
But I would like the 'not recv any' feature, too. At the moment I use
a static list.
Nicolas
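
The two-rule combination above, as a simplified first-match model (an added example, not part of the original message and not ipfw's own code). The addresses, the value of $N, the interface xl1 and the default-deny policy are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Constructed sample values (assumptions, not from the thread).
LOCAL_ADDRS = {ipaddress.ip_address("192.0.2.1"), ipaddress.ip_address("198.51.100.1")}
N = ipaddress.ip_network("203.0.113.0/24")  # stands in for $N

# One pass of a packet through the firewall. recv is None for locally
# generated packets; xmit is None on the inbound pass.
Packet = namedtuple("Packet", "src dst direction recv xmit")

def from_me(pkt):
    # "from me" only compares the source address with the host's own
    # addresses; it looks at no interface.
    return ipaddress.ip_address(pkt.src) in LOCAL_ADDRS

RULES = [
    # ipfw add deny ip from me to any in
    ("deny", lambda p: from_me(p) and p.direction == "in"),
    # ipfw add pass ip from me to $N out xmit xl0
    ("pass", lambda p: from_me(p) and ipaddress.ip_address(p.dst) in N
                       and p.direction == "out" and p.xmit == "xl0"),
]

def evaluate(pkt, rules=RULES, default="deny"):
    # First matching rule decides; default policy is an assumption.
    for action, match in rules:
        if match(pkt):
            return action
    return default

def traverse(passes, rules=RULES):
    # A forwarded packet is checked once inbound and once outbound;
    # a locally generated packet is checked outbound only.
    for pkt in passes:
        if evaluate(pkt, rules) == "deny":
            return "deny"
    return "pass"

# Locally generated packet: outbound pass only, no receive interface.
LOCAL = [Packet("192.0.2.1", "203.0.113.9", "out", None, "xl0")]
# Forwarded packet carrying a local source address (constructed case).
SPOOFED = [Packet("192.0.2.1", "203.0.113.9", "in", "xl1", None),
           Packet("192.0.2.1", "203.0.113.9", "out", "xl1", "xl0")]

if __name__ == "__main__":
    print("pass rule alone, spoofed outbound:", evaluate(SPOOFED[1], RULES[1:]))
    print("both rules, spoofed:", traverse(SPOOFED))
    print("both rules, local:", traverse(LOCAL))
```
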