Another bug in IPFW@ ...?
AT Matik
asstec at matik.com.br
Wed Aug 3 10:56:47 GMT 2005
On Wednesday 03 August 2005 06:19, Oliver Fromme wrote:
>
> > out and xmit is probably exactly the same
>
> No, it's not. "out" just says that this rule matches only
> outgoing packets. It doesn't specify anything about inter-
> faces or addresses.
>
packages catched by xmit IF are catched with out as well
"xmit any" probably is another expression for "out"
I do not see your point here
> > still especially as you set
> > src-ip and dst-ip so the interface where this packages are xmit
> > is defined by the routes
>
> src-ip and dst-ip can be both faked and need not have
good, then you do not catch them anyway by src|dst[-ip] unless you
deny all but the src-ip you want to pass
and a fake dst-ip don't know who would do that but certainly an
interesting idea ...
Hans
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
More information about the freebsd-ipfw
mailing list