After many years of using ipfw I've suddenly realized it doesn't do what I
would expect...

Let's keep it to this simple example. On my firewall box I have 2 NICs, with machines
attached to either side of it:

Client 1 ----------rl0-|IPFW BOX|-rl1------------Client2

(let's suppose that both Client1 and Client2 know about their respective routes...)

I have a single rule in ipfw:

add 10 allow icmp from any to any in via rl1
(the ping won't come back, but it doesn't matter here)

What I expected, until yesterday, is that if I ping from Client2 to Client1, my ping _ONLY_ passes through interface rl1, _NOT_ rl0! So, if I had wanted to make it pass through the whole
firewall I would have had to set 2 rules:

add 10 allow icmp from any to any in via rl1
add 20 allow icmp from any to any out via rl0

If I enable logging, I notice that rule 10 will be matched twice:
10 Allow ...in via rl1
10 Allow ...out via rl0

I don't like it. It doesn't give me enough control over the flows of traffic.

What do you think about this?
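An added example (not part of the original post, and not ipfw's own code): a small model of the two-pass evaluation the poster expected, in which a forwarded packet is checked once on its inbound interface and once on its outbound one, and a rule with `in via rl1` matches only the inbound pass. The rule and interface names mirror the post; the Python classes and the default-deny rule number 65535 are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DEFAULT_DENY = 65535  # number of ipfw's implicit final deny rule

@dataclass
class Rule:
    num: int
    action: str               # "allow" or "deny"
    proto: str                # "icmp", "tcp", ... or "ip" for any protocol
    direction: Optional[str]  # "in", "out", or None (matches either pass)
    iface: Optional[str]      # interface name for "via", or None (any)

    def matches(self, proto: str, direction: str, iface: str) -> bool:
        if self.proto not in ("ip", proto):
            return False
        if self.direction is not None and self.direction != direction:
            return False
        if self.iface is not None and self.iface != iface:
            return False
        return True

def evaluate(rules: List[Rule], proto: str, direction: str, iface: str) -> Tuple[int, str]:
    """One pass through the ruleset: first match wins, else the default deny."""
    for rule in sorted(rules, key=lambda r: r.num):
        if rule.matches(proto, direction, iface):
            return rule.num, rule.action
    return DEFAULT_DENY, "deny"

def forward(rules: List[Rule], proto: str, in_iface: str, out_iface: str) -> List[Tuple[str, int, str]]:
    """A forwarded packet is evaluated twice: inbound on in_iface, then outbound
    on out_iface. Returns one (pass, rule_num, action) entry per pass taken;
    the outbound pass is skipped when the inbound pass already denied."""
    log = []
    num, action = evaluate(rules, proto, "in", in_iface)
    log.append(("in", num, action))
    if action == "deny":
        return log
    num, action = evaluate(rules, proto, "out", out_iface)
    log.append(("out", num, action))
    return log

# Constructed rules from the post: Client2 -> Client1 enters on rl1 and leaves on rl0.
RULE_10 = Rule(10, "allow", "icmp", "in", "rl1")   # add 10 allow icmp from any to any in via rl1
RULE_20 = Rule(20, "allow", "icmp", "out", "rl0")  # add 20 allow icmp from any to any out via rl0

if __name__ == "__main__":
    print(forward([RULE_10], "icmp", "rl1", "rl0"))           # outbound pass falls to 65535 deny
    print(forward([RULE_10, RULE_20], "icmp", "rl1", "rl0"))  # both passes allowed
```

With only rule 10 the model allows the inbound pass and denies the outbound one, which is why the two-rule set is needed to let the ping cross the whole box.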

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw