On Monday 05 November 2007 02:10:12 Juri Mianovich wrote: > Is there a way to tell ipfw: > > "all interfaces currently configured on this system" ?
That's not possible directly, I think. > I have a laptop and at any time I could plug in a USB > NIC or plug in a pccard, in addition to the onboard > LAN and WIFI, either of which may or may not be > configured at boot time. Being configured or not isn't a problem for ipfw. The interface is just a string and can be anything regardless of validity, such as rl0, fxp0, blah etc. Asterisks can be also used to denote a shell-like interface-name matching e.g. rl* > > So the point is, the active, configured interfaces > changes regularly. > > So if I have a rule like: > > allow ip from any to any via iwi0 > > that won't work well, and neither will: > > allow ip from any to any via iwi0,abc0 I am not sure you have understood correctly the "via" keyword. Read the ipfw manual. Not all packets have receive or transmit interfaces so that might a problem you haven't considered. Is "via" what you want? > So is there any way to say "all interfaces currently > configured" and have that rule apply to new interfaces > automatically as they are added and subtracted from > the system ? You can use "me" which is an alias for "my IP addresses". allow ip from any to me allow ip from me to any This ruleset effectivelly allows all trafic from you to the world and from the world to you. Ofcourse there is not interface checking. HTH, Nikos _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"