ipfw with fw.one_pass doesn't work when specifying interface
Barry Murphy
barry at unix.co.nz
Wed Feb 15 14:50:57 PST 2006
Hey guys,
I've found "/sbin/sysctl net.inet.ip.fw.one_pass=0" not to work on rules
that have the "in via IF" specified.
Replicated:
ipfw add 00082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 00082 count log ip from any to 60.234.68.88/29 out via em1
ipfw add 01082 count log ip from 60.234.68.88/29 to any in via em1
ipfw add 01082 count log ip from any to 60.234.68.88/29 out via em1
Rule 82 picks up traffic but rule 1082 gets none.
It works fine if I use:
ipfw add 00082 count ip from any to 60.234.68.88/29 in
ipfw add 00082 count ip from 60.234.68.88/29 to any out
ipfw add 01082 count ip from any to 60.234.68.88/29 in
ipfw add 01082 count ip from 60.234.68.88/29 to any out
However, I need to specify an interface (em1) as I'll be adding a FWD rule to
a transparent proxy and want it to count the traffic to the proxy too.
Any ideas?
Cheers
Barry
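Since `count` rules never terminate the search (ipfw keeps walking the ruleset after updating the counters), the quickest way to check whether traffic is actually reaching a later copy of a rule is to compare the per-rule packet counters that `ipfw -a list` (or `ipfw show`) prints. The following script is an added example, not part of the original post or of FreeBSD's ipfw: it parses that counter output and flags duplicated rule bodies, such as the same `count log ... in via em1` rule at 82 and 1082, where the earlier copy has matched packets but the later copy has not. The sample output embedded in the script is constructed for the example; the rule numbers and addresses mirror the ones in the post.

```python
import re
from collections import defaultdict

# Constructed sample of `ipfw -a list` output (not captured from a real host).
# Columns: rule number, packet count, byte count, then the rule body.
SAMPLE_IPFW_LIST = """\
00082     1523    912345 count log ip from 60.234.68.88/29 to any in via em1
00082     1498    201234 count log ip from any to 60.234.68.88/29 out via em1
00100        0         0 check-state
01082        0         0 count log ip from 60.234.68.88/29 to any in via em1
01082        0         0 count log ip from any to 60.234.68.88/29 out via em1
65535    88210  60123456 deny ip from any to any
"""

# rule number, packets, bytes, then everything else (the rule text)
LINE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(.*)$")


def parse_ipfw_list(text):
    """Parse `ipfw -a list` output into (rule_number, packets, bytes, body) tuples.

    Lines that do not carry counters (for example set headers or blank lines)
    are skipped rather than treated as errors.
    """
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        num, pkts, byts, body = m.groups()
        rules.append((int(num), int(pkts), int(byts), body.strip()))
    return rules


def totals_by_rule_number(rules):
    """Sum packet counters per rule number (ipfw allows several rules to share one number)."""
    totals = defaultdict(int)
    for num, pkts, _bytes, _body in rules:
        totals[num] += pkts
    return dict(totals)


def find_silent_duplicates(rules):
    """Report later copies of a rule body whose counter is zero although an
    earlier copy of the identical body has matched packets.

    Returns a list of (earlier_rule_number, later_rule_number, body). Because a
    `count` rule does not stop the search, such a pair means packets that hit
    the first copy were consumed by something between the two rule numbers
    before reaching the second copy.
    """
    by_body = defaultdict(list)
    for num, pkts, _bytes, body in rules:
        by_body[body].append((num, pkts))
    findings = []
    for body, copies in by_body.items():
        if len(copies) < 2:
            continue
        copies.sort()
        first_num, first_pkts = copies[0]
        for num, pkts in copies[1:]:
            if first_pkts > 0 and pkts == 0:
                findings.append((first_num, num, body))
    return findings


if __name__ == "__main__":
    parsed = parse_ipfw_list(SAMPLE_IPFW_LIST)
    for num, total in sorted(totals_by_rule_number(parsed).items()):
        print(f"rule {num:05d}: {total} packets")
    for earlier, later, body in find_silent_duplicates(parsed):
        print(f"rule {later:05d} never matched, but rule {earlier:05d} did: {body}")
```

On a live system, replace the constructed sample with the real output, for example `parse_ipfw_list(subprocess.check_output(["ipfw", "-a", "list"], text=True))`; the script only reads counters and changes nothing in the ruleset.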