ipfw rule question ... all possible interfaces ?
Nikos Vassiliadis
nvass at teledomenet.gr
Mon Nov 5 01:28:50 PST 2007
On Monday 05 November 2007 02:10:12 Juri Mianovich wrote:
> Is there a way to tell ipfw:
>
> "all interfaces currently configured on this system" ?
That's not possible directly, I think.
> I have a laptop and at any time I could plug in a USB
> NIC or plug in a pccard, in addition to the onboard
> LAN and WIFI, either of which may or may not be
> configured at boot time.
Being configured or not isn't a problem for ipfw.
The interface is just a string and can be anything
regardless of validity, such as rl0, fxp0, blah etc.
Asterisks can be also used to denote a shell-like
interface-name matching e.g. rl*
>
> So the point is, the active, configured interfaces
> changes regularly.
>
> So if I have a rule like:
>
> allow ip from any to any via iwi0
>
> that won't work well, and neither will:
>
> allow ip from any to any via iwi0,abc0
I am not sure you have understood correctly the "via" keyword.
Read the ipfw manual. Not all packets have receive or transmit
interfaces so that might a problem you haven't considered.
Is "via" what you want?
> So is there any way to say "all interfaces currently
> configured" and have that rule apply to new interfaces
> automatically as they are added and subtracted from
> the system ?
You can use "me" which is an alias for "my IP addresses".
allow ip from any to me
allow ip from me to any
This ruleset effectivelly allows all trafic from you to
the world and from the world to you. Ofcourse there is
not interface checking.
HTH, Nikos
More information about the freebsd-questions
mailing list