IPFW and VLANs
Eugene Grosbein
eugen at grosbein.net
Sun Apr 6 10:57:44 UTC 2014
On 06.04.2014 09:26, Brett Glass wrote:
> I added a few more rules, with "recv" and "xmit" options, and
> checked the counts again after zeroing them and letting the router
> run for a bit:
>
> 00001 20591 8769298 count ip from any to any layer2 via re0_1
> 00002 18715 8725085 count ip from any to any layer2 via re0
> 00003 0 0 count ip from any to any not layer2 via re0
> 00004 18715 8725085 count ip from any to any layer2 recv re0
> 00005 18715 8725085 count ip from any to any layer2 xmit re0
> 00006 12746 1324342 count ip from any to any layer2 recv re0_1
> 00007 20592 8770798 count ip from any to any layer2 xmit re0_1
>
> Maybe I am missing something (as I often do), but this seems just plain wrong.
>
> What gives? Help in interpreting these results would be much appreciated.
You should use "in recv" and "out xmit" instead of just recv/xmit
as routed packet will match BOTH of "recv $in_if" and "xmit $out_if".
More information about the freebsd-net
mailing list