Hi,
I am trying to understand how ipfilter works (the version bundled with
FreeBSD 4.10)
1) what fr_check is doing?
- rewrite the packet if there is a redirection that apply
- return 0 if the packet can pass
- return something else in other case
- do not send the packet to the network interface
2) in case of a rule "block out quick on xl0 to xl1"
- what is the return value of fr_check?
- from what I can see, the reply would be that the packet is blocked
but it is sent to the correct intercace (xl1) anyway.
Thanks in advance,
olivier
