On Thu, 28 Jul 2005, Gary W. Swearingen wrote:
Thanks guys. I think I've got most of it now.
[..]
When it tests an incoming packet it doesn't try to predict which
interface it will be transmitted on (not sure why, if NAT isn't on),
so in rules don't match against an xmit interface.
Dave McCammon [EMAIL PROTECTED] writes:
Here is a link to a thread that helped me to understand
the in/out/recv/xmit stuff.
Thanks guys. I think I've got most of it now.
Incoming packets are those entering the OS kernel implementing the
ipfw firewall, but not necessarily those entering the
(Re: freebsd-questions Digest, Vol 105, Issue 7)
Gary writes:
I see in another msg that I'm not the only one scratching my head over
the ipfw manpage's explanation of in/out/recv/xmit/via concepts. I've
spent many hours reading that manpage and working on my rc.firewall
(and it seems to
--- Gary W. Swearingen [EMAIL PROTECTED] wrote:
I see in another msg that I'm not the only one
scratching my head over
the ipfw manpage's explanation of
in/out/recv/xmit/via concepts. I've
spent many hours reading that manpage and working on
my rc.firewall
(and it seems to work OK,
in message [EMAIL PROTECTED],
wrote Dave McCammon thusly...
Here is a link to a thread that helped me to understand the
in/out/recv/xmit stuff.
I see in another msg that I'm not the only one scratching my head over
the ipfw manpage's explanation of in/out/recv/xmit/via concepts. I've
spent many hours reading that manpage and working on my rc.firewall
(and it seems to work OK, based on the logging), but I can't figure
out what it's trying
Gary W. Swearingen wrote:
[ ... ]
The manpage says we have incoming and outgoing packets.
In and out of what?
Into and out of the system.
NIC or kernel or ipfw or computer?
Yes, all of those.
The manpage describes:
recv | xmit | via {ifX | if* | ipno | any}
Is my de0 an ifX or an
Is my de0 an ifX or an if*?
(exact name or device name)
de0 is an ifX.
What would be an example of the other?
de*?
I guess that should have been obvious. I'll try to get
the exact name and device name descriptions improved.
Does ipno mean a numerical Internet address?
(It's not