Re: ipfw rule question ... all possible interfaces ?
On Mon, 5 Nov 2007 00:22:00 + RW [EMAIL PROTECTED] wrote: On Sun, 4 Nov 2007 16:10:12 -0800 (PST) Juri Mianovich [EMAIL PROTECTED] wrote: Is there a way to tell ipfw: all interfaces currently configured on this system ? ... So if I have a rule like: allow ip from any to any via iwi0 You don't have to use via in a rule. That's true, though you can also specify 'via any'. Whether either is actually a good idea for the case in question may be another matter .. Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw rule question ... all possible interfaces ?
On Monday 05 November 2007 02:10:12 Juri Mianovich wrote: Is there a way to tell ipfw: all interfaces currently configured on this system ? That's not possible directly, I think. I have a laptop and at any time I could plug in a USB NIC or plug in a pccard, in addition to the onboard LAN and WIFI, either of which may or may not be configured at boot time. Being configured or not isn't a problem for ipfw. The interface is just a string and can be anything regardless of validity, such as rl0, fxp0, blah etc. Asterisks can be also used to denote a shell-like interface-name matching e.g. rl* So the point is, the active, configured interfaces changes regularly. So if I have a rule like: allow ip from any to any via iwi0 that won't work well, and neither will: allow ip from any to any via iwi0,abc0 I am not sure you have understood correctly the via keyword. Read the ipfw manual. Not all packets have receive or transmit interfaces so that might a problem you haven't considered. Is via what you want? So is there any way to say all interfaces currently configured and have that rule apply to new interfaces automatically as they are added and subtracted from the system ? You can use me which is an alias for my IP addresses. allow ip from any to me allow ip from me to any This ruleset effectivelly allows all trafic from you to the world and from the world to you. Ofcourse there is not interface checking. HTH, Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw rule question ... all possible interfaces ?
Is there a way to tell ipfw: all interfaces currently configured on this system ? I have a laptop and at any time I could plug in a USB NIC or plug in a pccard, in addition to the onboard LAN and WIFI, either of which may or may not be configured at boot time. So the point is, the active, configured interfaces changes regularly. So if I have a rule like: allow ip from any to any via iwi0 that won't work well, and neither will: allow ip from any to any via iwi0,abc0 So is there any way to say all interfaces currently configured and have that rule apply to new interfaces automatically as they are added and subtracted from the system ? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw rule question ... all possible interfaces ?
On Sun, 4 Nov 2007 16:10:12 -0800 (PST) Juri Mianovich [EMAIL PROTECTED] wrote: Is there a way to tell ipfw: all interfaces currently configured on this system ? ... So if I have a rule like: allow ip from any to any via iwi0 You don't have to use via in a rule. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: ipfw rule question ... all possible interfaces ?
Is there a way to tell ipfw: all interfaces currently configured on this system ? I have a laptop and at any time I could plug in a USB NIC or plug in a pccard, in addition to the onboard LAN and WIFI, either of which may or may not be configured at boot time. So the point is, the active, configured interfaces changes regularly. So if I have a rule like: allow ip from any to any via iwi0 that won't work well, and neither will: allow ip from any to any via iwi0,abc0 So is there any way to say all interfaces currently configured and have that rule apply to new interfaces automatically as they are added and subtracted from the system ? Try this: allow ip from any to any Just leave out via __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions- [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
