Another bug in IPFW@ ...?
Luigi Rizzo
rizzo at icir.org
Wed Aug 3 09:12:04 GMT 2005
On Tue, Aug 02, 2005 at 09:51:45PM -0300, AT Matik wrote:
...
> even if I agree to your logic aspect in general I thought
>
> out and xmit is probably exactly the same still especially as you set
> src-ip and dst-ip so the interface where this packages are xmit is
> defined by the routes
>
> localhost normally runs on lo0 which is an interface as any other
>
> so which ghost packages you try to catch here?
there are internally generated packets which do not have
a rcvif (which is what really 'recv' means);
and any packet in the input path does not have an output-if
(which is wht really 'xmit' means).
so "out" and "xmit any" are the same thing
(and "in" is "not out" so the same as "not xmit any"), assuming
there is a route for the destination (but otherwise i believe the
packet is dropped before reaching the firewall),
but i cannot find a synonim for "recv any"
cheers
luigi
More information about the freebsd-ipfw
mailing list