ng_patch and swap_pager_getswapspace error
Eugene Grosbein
eugen at grosbein.net
Wed Dec 20 08:48:15 UTC 2017
On 19.12.2017 21:46, wishmaster wrote:
>>> /sbin/ipfw add 15002 netgraph 100 ip from me to not me recv "*"
>>
>> Why do you have incoming ip packets sourced from your IP?
>
> It's ok. I use per-interface ACL.
>
> # out
> ipfw -fq table tbl_OUT_IF flush
> ...
> ipfw table tbl_OUT_IF add tun1 15000 #
> ...
>
>
> $cmd 100 skipto tablearg log all from any to any in recv "table(tbl_IN_IF)"
> $cmd 110 skipto tablearg log all from any to any out xmit "table(tbl_OUT_IF)"
>
>
> ### OUT ext_if tun0
> $cmd 15000 nat 1 log all from not me to not me recv "*" # LAN traffic
> # !!! 15002 here
> $cmd 15020 allow log all from me to not me recv "*" # LAN traffic
It is not OK. It does not make any sense: "from me ... recv" is NOT
any kind of normal LAN traffic. This expression describes spoofed traffic.
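An added check (not code from the thread) for the point made above: a small Python lint that flags ipfw rules combining `from me` with a receive interface (`recv ...` or the `in` direction). Per ipfw(8), packets originating on the local host have no receive interface, so such a rule can only match packets that arrived from the wire carrying one of the host's own source addresses. The ruleset is a constructed sample modelled on the one quoted in the thread.

```python
"""Lint ipfw rules for 'from me ... recv' / 'from me ... in' matches.

Per ipfw(8), locally originated packets have no receive interface, so a rule
that needs both a local source ('from me') and a receive interface ('recv'
or 'in') matches only packets received with a spoofed local source address.
"""
import shlex

# Constructed sample, modelled on the ruleset quoted in the thread.
SAMPLE_RULES = """\
add 100 skipto tablearg log all from any to any in recv "table(tbl_IN_IF)"
add 110 skipto tablearg log all from any to any out xmit "table(tbl_OUT_IF)"
add 15000 nat 1 log all from not me to not me recv "*"
add 15002 netgraph 100 ip from me to not me recv "*"
add 15020 allow log all from me to not me recv "*"
add 15030 allow log all from me to not me out xmit tun0
"""


def parse_rule(line):
    """Return (rule number, source is 'me', needs a receive interface) for one 'add' rule."""
    tokens = shlex.split(line.split('#', 1)[0])  # drop trailing comments, strip quotes
    if len(tokens) < 2 or tokens[0] != 'add' or 'from' not in tokens:
        return None
    number = int(tokens[1])
    # 'from me' -> token after 'from' is 'me'; 'from not me' -> it is 'not'
    src_is_me = tokens[tokens.index('from') + 1] == 'me'
    # 'recv <iface>' and the 'in' direction both require a receive interface
    needs_recv = 'recv' in tokens or 'in' in tokens
    return number, src_is_me, needs_recv


def spoof_only_rules(ruleset):
    """Numbers of rules that can only match packets with a spoofed local source."""
    flagged = []
    for line in ruleset.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        number, src_is_me, needs_recv = parsed
        if src_is_me and needs_recv:
            flagged.append(number)
    return flagged


if __name__ == '__main__':
    for num in spoof_only_rules(SAMPLE_RULES):
        print(f"rule {num}: 'from me' plus a receive interface matches only spoofed sources")
```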