in via or in recv
Jeremie Le Hen
jeremie at le-hen.org
Fri Sep 16 05:27:50 PDT 2005
Hi,
> vladone <vladone at spaingsm.com> wrote:
> > What is the difference between:
> > 1. in via - in recv
>
> No difference. When checking incoming packets (which "in"
> means), only the receiving interface is known, but not yet
> the transmitting interface, so "via" and "recv" do the same
> thing in that case.
>
> > 2. out via - out xmit
>
> When checking outgoing packets ("out"), both the receiving
> and the transmitting interface are known, so "via" compares
> with both, while "xmit" only compares with the transmitting
> interface. That's why "xmit" can only be used with "out",
> not with "in", while "recv" can be used with both "out" and
> "in".
>
> All of that is explained in detail in the ipfw(8) manpage.
>
> > When do I need to use one variant or another?
>
> That depends on what you want to do. In my experience
> there is rarely a need for "via". Usually you only need
> "recv" and "xmit" (optionally combined with "in" and "out"
> as appropriate for your rules).
Given that this question is regularly asked, I've just written a
webpage explaining the difference among "via", "xmit" and "recv",
based on what has been said here in the past and my own understanding
of ipfw code.
http://tataz.chchile.org/~tataz/ipfw_via_recv_xmit.html
This is quite short to read, and I would like some feedback on it.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
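
The "recv" and "xmit" behaviour described in the quoted reply, as an added example that is not part of the original message and is not ipfw code. It is a toy model: the interface names int0/ext0, the rule set and the sample checks are constructed, and it assumes a packet generated by the host itself has no receive interface.

```python
from typing import NamedTuple, Optional

class Check(NamedTuple):
    """One pass of a packet through the firewall (constructed model)."""
    direction: str            # "in" or "out"
    recv_if: Optional[str]    # None for packets generated by the host itself (assumption)
    xmit_if: Optional[str]    # None on "in": the transmitting interface is not known yet

class Rule(NamedTuple):
    action: str
    direction: str
    recv: Optional[str] = None
    xmit: Optional[str] = None

def validate(rule: Rule) -> Rule:
    # "xmit" can only be used with "out", not with "in".
    if rule.xmit is not None and rule.direction != "out":
        raise ValueError("xmit can only be used with out")
    return rule

def matches(rule: Rule, chk: Check) -> bool:
    if rule.direction != chk.direction:
        return False
    if rule.recv is not None and rule.recv != chk.recv_if:
        return False
    if rule.xmit is not None and rule.xmit != chk.xmit_if:
        return False
    return True

def verdict(rules, chk: Check, default: str = "deny") -> str:
    # First matching rule wins; anything unmatched gets the default.
    for rule in rules:
        if matches(validate(rule), chk):
            return rule.action
    return default

# Constructed gateway: int0 faces the LAN, ext0 faces the outside.
RULES = [
    Rule("allow", "in", recv="int0"),                # ... in recv int0
    Rule("allow", "out", recv="int0", xmit="ext0"),  # ... out recv int0 xmit ext0
    Rule("allow", "out", xmit="int0"),               # ... out xmit int0
]

if __name__ == "__main__":
    for chk in (Check("in", "int0", None), Check("out", "int0", "ext0"),
                Check("out", None, "ext0"), Check("in", "ext0", None)):
        print(chk, "->", verdict(RULES, chk))
```

The third check shows why "out recv int0 xmit ext0" is narrower than "out xmit ext0": it covers only traffic forwarded from int0, not packets the gateway itself originates.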