ipfw's "via" rule option/match pattern
Gregory Orange
gregory.orange at calorieking.com
Tue Aug 25 02:51:27 UTC 2015
On 25/08/15 05:29, andreas scherrer wrote:
>> In freebsd-questions Digest, Vol 585, Issue 3, Message: 9
>> Yes; [4] is clearly wrong in this respect. 'out via' does NOT check the
>> receive interface if the transmit interface is known.
>
> In summary I think it would be reasonable to advise people to *not* use
> "via" in combination with "in" or "out".
>
> "in via $if" => "in recv $if"
> "out via $if" => "out xmit $if"

I am particularly interested to see whether we get some consensus on
this. I am reviewing a number of firewall configurations right at the
moment, and look to you all for a recommendation on this issue.

> Assuming the above is correct and that I wanted to tackle the issue of
> rewriting the ipfw handbook section: how would I do that (i.e. how to
> submit a new version)?

Andreas, it appears from the handbook homepage[1] that one should
contact the freebsd-doc@ list[2]. A quick glance at the archives
suggests to me that changes are backed onto bugzilla[3].

I am certainly grateful for efforts spent maintaining this excellent
handbook. The web is a rich source of helpful content, but having an
official, curated handbook from a single source (albeit many authors) is
even better.

Regards,
Greg.

[1] https://www.freebsd.org/doc/handbook/
[2] https://lists.freebsd.org/mailman/listinfo/freebsd-doc
[3] https://bugs.freebsd.org/bugzilla/
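
For anyone reviewing existing rulesets against the mapping proposed in the quoted message ("in via" to "in recv", "out via" to "out xmit"), the following is an added example, not code from the thread or from the FreeBSD project. The sample rules are constructed, and the function names and the note labels ("rewritten", "review", "bare-via") are hypothetical; it assumes `#` appears only in trailing comments.

```python
import re

# Mapping suggested in the thread: "in via IF" -> "in recv IF", "out via IF" -> "out xmit IF".
REPLACEMENT = {"in": "recv", "out": "xmit"}
DIRECTED_VIA = re.compile(r"\b(in|out)(\s+)via(\s+\S+)")
ANY_VIA = re.compile(r"\bvia\s+\S+")

# Constructed sample rules in the style of an /etc/ipfw.rules script.
SAMPLE = """\
$cmd 00010 allow all from any to any via lo0
$cmd 00200 allow tcp from any to any 53 out via $pif setup keep-state
$cmd 00300 deny all from 192.168.0.0/16 to any in via $pif  # in via: RFC 1918
$cmd 00400 allow tcp from any to me 22 in recv $pif setup
$cmd 00500 allow icmp from any to any via $pif in
"""


def review_rule(line):
    """Return (new_line, note) for one rule line."""
    # Naive comment split: assumes '#' never appears inside the rule itself.
    rule, sep, comment = line.partition("#")
    new_rule, count = DIRECTED_VIA.subn(
        lambda m: m.group(1) + m.group(2) + REPLACEMENT[m.group(1)] + m.group(3),
        rule,
    )
    if count:
        return new_rule + sep + comment, "rewritten"
    if ANY_VIA.search(rule):
        # Direction given but not directly before "via": leave for a human.
        if {"in", "out"} & set(rule.split()):
            return line, "review"
        return line, "bare-via"  # no direction, outside the thread's advice
    return line, None


def review_ruleset(text):
    """Return (rewritten_text, findings) with findings as (lineno, note)."""
    out, findings = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        new_line, note = review_rule(line)
        out.append(new_line)
        if note:
            findings.append((lineno, note))
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    rewritten, findings = review_ruleset(SAMPLE)
    print(rewritten + "\n".join(f"line {n}: {note}" for n, note in findings))
```

Rules that use "via" without "in" or "out" are reported but left unchanged, since the advice in the thread covers only the combined forms.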