ipfw & skipto.... confused a bit...
Chris Knipe
savage at savage.za.org
Fri Aug 13 00:08:08 PDT 2004
----- Original Message -----
From: "Ian FREISLICH" <if at hetzner.co.za>
To: "Chris Knipe" <savage at savage.za.org>
Cc: <freebsd-ipfw at freebsd.org>
Sent: Friday, August 13, 2004 9:02 AM
Subject: Re: ipfw & skipto.... confused a bit...
> "Chris Knipe" wrote:
> > Hi all,
> >
> > I'm a tad confused with skiptos. I want to use them, because I am
> > automating setup procedures of rather large firewall tables via perl /
> > mysql. From the 65535 available rules, blocks have been reserved for
> > certain types of functions during the firewalling process. As such, I
> > basically use all the available numbers. My last automated block is from
> > 65450 to 65500 :/
> >
> > Let's have a look quickly at a small block so that I can have an example of
> > what I am referring to....
> >
> > #######################################################################
> > #### Transparent Services ###
> > #######################################################################
> > ${fwcmd} add 16000 allow tcp from ${LANIP} to any 25 out via tun1 skipto 16010
>
> I thought that you had to use skipto as the action, not the rule body:
>
> ${fwcmd} add 16000 skipto 16010 tcp from ${LANIP} to any 25 out via tun1
Yes. That is correct. However, that will only skip if the rule matches vs.
a simple allow statement. How do you match a skipto if you are not allowing
traffic, but queueing / denying / forwarding it??
--
Chris.