On Wednesday 03 August 2005 06:19, Oliver Fromme wrote: > > > out and xmit is probably exactly the same > > No, it's not. "out" just says that this rule matches only > outgoing packets. It doesn't specify anything about inter- > faces or addresses. >
packages catched by xmit IF are catched with out as well "xmit any" probably is another expression for "out" I do not see your point here > > still especially as you set > > src-ip and dst-ip so the interface where this packages are xmit > > is defined by the routes > > src-ip and dst-ip can be both faked and need not have good, then you do not catch them anyway by src|dst[-ip] unless you deny all but the src-ip you want to pass and a fake dst-ip don't know who would do that but certainly an interesting idea ... Hans A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "[EMAIL PROTECTED]"
