In practice, both "recv any" and "not recv any" appear to be "no-op"
phrases.
[...]
In my opinion, the following would be "ideal":
1) "recv any" -- matches packets that have been received by the host
through one of its interfaces
2) "not recv any" -- does not match packets that have been received by
the host through one of its interfaces
Unfortunately, implementing (1) would likely break a lot of people's
rule sets.
(2), however, I can't immediately see being used without expecting that
it would fail to match packets that were received by the current host,
so its implementation would be a bit "safer" for the community.
Julian Elischer suggested:
how does "not recv *" (appropriately escaped for your shell) do?
This does appear to "work as desired" -- suggesting documentation clarification
rather than functionality change.
My apologies for not posting to the ipfw list.
Jeff
_______________________________________________
http://lists.freebsd.org/mailman/listinfo/freebsd-security