Neil Moore-Smith wrote:

> This is obviously a stupid question to the cognoscenti, but what do the
> "input" and "output" firewall options on the ipfwadm command actually, or
> are meant to be used for?

      In     +---+     Out
    -------> |   | ------->
    <------- |   | <-------
      Out    +---+     In
            Firewall

In/out is the direction of the TCP/IP dataflow. The dataflow is checked on the firewall in 5 stages:

    -----> Account -----> IN --------> Forward --------> Out ---> Account

> I have a LRP firewall set up with machine "A" on the internal network
> side. With no firewalling (i.e. accept all) I can ping it, read its web
> pages etc from the external side. I can then use ipfwadm -F to block http
> (for example) from a specific external host. This works fine. If I then
> reinstate forwarding and use ipfwadm -I with similar parameters, I get the
> same result. So what's the difference between F, I, and O? Is F simply a
> combination of I and O for ease of use?

So, if you use ipfwadm -F and -I with the same rules, it is similar to the Forward rules. Also, with Forward the firewall can act as an IP masquerade router.
--
Name    : Xie Hua Gang
Email   : [EMAIL PROTECTED]
Address : National Research Center for Intelligent Computing System
          PO.Box 2704, Beijing 100080, China
Phone   : (010)62534642,62587952
Homepage: http://frost.ncic.ac.cn/~xhg
          http://server.th-dascom.com.cn/~xhg/~xhg/
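
The check order described in the message above, modelled as an added example (not part of the original post and not ipfwadm or kernel code). It shows why the same deny rule under -I or -F gives the same result for traffic routed to machine "A" but not for traffic addressed to the firewall itself. All addresses and names are constructed, and the rule that a packet for the firewall's own address is checked by the input rules only is an assumption about the Linux 2.0 packet path, not something stated in the thread.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

FIREWALL_IP = "192.0.2.1"        # constructed: the firewall's own external address
EXT_HOST = "203.0.113.7"         # constructed: the external host being blocked
MACHINE_A = "10.0.0.5"           # constructed: machine "A" on the internal network

@dataclass
class Rule:
    policy: str                  # "accept" or "deny"
    src: str                     # source network, CIDR
    dport: Optional[int] = None  # None matches any destination port

@dataclass
class Packet:
    src: str
    dst: str
    dport: int

def check(rules, pkt):
    """First matching rule wins; the default policy in this model is accept."""
    for r in rules:
        if ip_address(pkt.src) in ip_network(r.src) and r.dport in (None, pkt.dport):
            return r.policy
    return "accept"

def traverse(chains, pkt):
    """Return (verdict, deciding stage). The two accounting stages only count
    packets and never drop them, so they are left out of this model."""
    # Assumption: a packet addressed to the firewall itself stops after input.
    stages = ["input"] if pkt.dst == FIREWALL_IP else ["input", "forward", "output"]
    for stage in stages:
        if check(chains.get(stage, []), pkt) == "deny":
            return "deny", stage
    return "accept", stages[-1]

block_http = Rule("deny", EXT_HOST + "/32", 80)
with_F = {"forward": [block_http]}   # the rule as added with ipfwadm -F
with_I = {"input": [block_http]}     # the same rule as added with ipfwadm -I

to_a = Packet(EXT_HOST, MACHINE_A, 80)      # HTTP routed through to machine A
to_fw = Packet(EXT_HOST, FIREWALL_IP, 80)   # HTTP to the firewall box itself

if __name__ == "__main__":
    for name, chains in (("-F", with_F), ("-I", with_I)):
        print(name, "to A:", traverse(chains, to_a),
              "to firewall:", traverse(chains, to_fw))
```

In this model the forward-only rule leaves services on the firewall box reachable from the blocked host, which is the case to check when choosing between -I and -F.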
