in via or in recv

Oliver Fromme olli at lurza.secnetix.de
Thu Sep 15 06:32:53 PDT 2005


The question is already a few days old, but I thought
I might throw in my answer nevertheless.  :-)

vladone <vladone at spaingsm.com> wrote:
 > What is the difference between:
 >   1. in via - in recv

No difference.  When checking incoming packets (which "in"
means), only the receiving interface is known, but not yet
the transmitting interface, so "via" and "recv" do the same
thing in that case.

 >   2. out via - out xmit

When checking outgoing packets ("out"), both the receiving
and the transmitting interface are known, so "via" compares
with both, while "xmit" only compares with the transmitting
interface.  That's why "xmit" can only be used with "out",
not with "in", while "recv" can be used with both "out" and
"in".

All of that is explained in detail in the ipfw(8) manpage.

 > When do I need to use one variant or another?

That depends on what you want to do.  In my experience
there is rarely a need for "via".  Usually you only need
"recv" and "xmit" (optionally combined with "in" and "out"
as appropriate for your rules).

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

I suggested holding a "Python Object Oriented Programming Seminar",
but the acronym was unpopular.
        -- Joseph Strout
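
As an added illustration, not part of the original message: a small router ruleset fragment that uses only "recv" and "xmit" as described above, with a check that rejects any rule using "xmit" without "out". The interface names (em0 outside, em1 inside), the LAN prefix, the rule numbers and the helper names `ruleset` and `lint_xmit` are assumptions made for this example.

```shell
#!/bin/sh
# Added example; not from the original post.
# Assumed topology: em0 = outside, em1 = inside, 192.168.1.0/24 = LAN.
OUTSIDE_IF=em0
INSIDE_IF=em1
LAN=192.168.1.0/24

# Print the ruleset, one ipfw command per line.
#  1000  let packets of already established flows through
#  1100  anti-spoofing: LAN source addresses must not arrive from outside
#  1200  egress filter: only LAN source addresses may arrive from inside
#  1300  accept LAN traffic on the input pass (it is checked again on output)
#  2000  forwarded LAN -> outside; both interfaces are known because of "out"
#  2100  nothing new is forwarded from outside to inside
ruleset() {
    cat <<EOF
ipfw add 1000 check-state
ipfw add 1100 deny ip from $LAN to any in recv $OUTSIDE_IF
ipfw add 1200 deny ip from not $LAN to any in recv $INSIDE_IF
ipfw add 1300 allow ip from $LAN to any in recv $INSIDE_IF
ipfw add 2000 allow ip from $LAN to any out recv $INSIDE_IF xmit $OUTSIDE_IF keep-state
ipfw add 2100 deny ip from any to any out recv $OUTSIDE_IF xmit $INSIDE_IF
EOF
}

# Read rules on stdin and print each one that uses "xmit" without "out";
# the exit status is 1 if any such rule was found.
lint_xmit() {
    awk '{
        has_xmit = 0; has_out = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "xmit") has_xmit = 1
            if ($i == "out")  has_out = 1
        }
        if (has_xmit && !has_out) { print "xmit without out: " $0; bad = 1 }
    } END { exit bad + 0 }'
}

# Dry run by default: lint, then print. APPLY=1 loads the rules on a FreeBSD host.
ruleset | lint_xmit || exit 1
if [ "${APPLY:-0}" = 1 ]; then ruleset | sh; else ruleset; fi
```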

