> Is this a bug or have I misunderstood?
> Why is it possible to say "out recv <iface>"? Or for that matter, "in
> xmit <iface>"?
> 
>     bridge# ipfw add 500 pipe 2 ip from any to any out recv xl1
>     00500 pipe 5 ip from any to any out recv xl1
>     bridge# ipfw add 600 pipe 3 ip from any to any in xmit xl1
>     [ipfw usage displayed]

It's a bit tricky.
The same ruleset is applied on input and output.

Rule 500 would never match on the input branch, and on the output
branch you know what the input interface was so it makes sense to
say "I want to select output packets which are coming from this
interface".

In rule 600, "in" would match on the input branch, but at that
point you do not know what the output interface will be so the
match will fail. So the rule in this form does not make sense.

At least, so I think...

        cheers
        luigi
----------------------------------+-----------------------------------------
 Luigi RIZZO, [EMAIL PROTECTED]  . ACIRI/ICSI (on leave from Univ. di Pisa)
 http://www.iet.unipi.it/~luigi/  . 1947 Center St, Berkeley CA 94704
 Phone: (510) 666 2927
----------------------------------+-----------------------------------------
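
The matching behaviour described in the reply above, as an added example that is not part of the original message and is not ipfw source code. It is a simplified model that assumes a two-port bridge with the constructed interface names xl0 and xl1; the struct and function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the behaviour described in the reply; not ipfw source. */
enum dir { DIR_ANY, DIR_IN, DIR_OUT };

struct pkt  { enum dir dir; const char *recv; const char *xmit; };
struct rule { enum dir dir; const char *recv; const char *xmit; };

/* Constructed sample interface names for a two-port bridge. */
static const char *IFACES[] = { "xl0", "xl1" };
#define NIF (sizeof IFACES / sizeof IFACES[0])

/* An interface option matches only if the packet's interface is known. */
static int iface_ok(const char *want, const char *have)
{
    if (want == NULL) return 1;          /* option not present in the rule */
    if (have == NULL) return 0;          /* e.g. xmit on the input pass */
    return strcmp(want, have) == 0;
}

int rule_matches(const struct rule *r, const struct pkt *p)
{
    if (r->dir != DIR_ANY && r->dir != p->dir) return 0;
    return iface_ok(r->recv, p->recv) && iface_ok(r->xmit, p->xmit);
}

/* Count how many packets on one pass (DIR_IN or DIR_OUT) a rule matches. */
int count_matches(const struct rule *r, enum dir pass)
{
    int hits = 0;
    for (size_t i = 0; i < NIF; i++) {
        if (pass == DIR_IN) {            /* output interface not yet known */
            struct pkt p = { DIR_IN, IFACES[i], NULL };
            hits += rule_matches(r, &p);
            continue;
        }
        for (size_t j = 0; j < NIF; j++) {   /* both interfaces known */
            struct pkt p = { DIR_OUT, IFACES[i], IFACES[j] };
            hits += rule_matches(r, &p);
        }
    }
    return hits;
}

int main(void)
{
    struct rule r500 = { DIR_OUT, "xl1", NULL };   /* out recv xl1 */
    struct rule r600 = { DIR_IN,  NULL, "xl1" };   /* in xmit xl1  */
    printf("500: in=%d out=%d\n", count_matches(&r500, DIR_IN), count_matches(&r500, DIR_OUT));
    printf("600: in=%d out=%d\n", count_matches(&r600, DIR_IN), count_matches(&r600, DIR_OUT));
    return 0;
}
```

A rule that reports zero matches on both passes, as the "in xmit" form does here, is dead weight in a ruleset and a sign that the intended traffic is not being shaped or filtered at all.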

