In the last episode (Jan 06), Jonathan Belson said:
> Ceri Davies wrote:
> >On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:
> >>I've just been looking into the 'me' option for ipfw:
> >>
> >>me      matches any IP address configured on an interface in the
> >>        system.  The address list is evaluated at the time the
> >>        packet is analysed.
> >>
> >> Since the machine is a gateway, it has two network cards.  Will
> >> 'me' match *both* IP addresses or just the first one it comes
> >> across?  I only really want it to match the IP address of the
> >> external interface, not the internal one.
> >
> > Both, I'm afraid.
>
> Hmm, I suppose since tests for IP spoofing through the external
> interface have already been carried out by that point, it isn't that
> much of a problem.
>
> Does the fancy-pants new IPFW2 allow more control for 'me'?

me is me.  Maybe the "recv | xmit | via {ifX | if* | ipno | any}" options
will help?  What exactly are you trying to allow/block?

-- 
	Dan Nelson
	[EMAIL PROTECTED]