On Mon, Dec 13, 2004 at 10:11:25AM -0800, Julian Elischer wrote:
J> I do this now with the current ipfw unchanged..
J> my rules always start with something like:
J> 
J> add 100 skipto 1000 ip from any to any in recv fxp0
J> add 101 skipto 2000 ip from any to any out xmit fxp0
J> 
J> add 110 skipto 3000 ip from any to any in recv fxp1
J> add 111 skipto 4000 ip from any to any out xmit fxp1
J> 
J> add 120 skipto 5000 ip from any to any in recv fxp2
J> add 121 skipto 6000 ip from any to any out xmit fxp2
J> 
J> This allows me to have a dedicated set of rules for each logical flow.
J> 
J> Sometimes I even go one step further and define subsections for
J> "out recv fxp0 xmit fxp1" and "from any to me in recv fxp1" .. etc

I often do it the same way. We should admit that this is a workaround.
And the fact that people are doing the above setup means that it is
claimed.

This workaround is not error-prone, you can mess up rule numbers, not
separated lists may collide, etc. And you can't have some interfaces without
filter processing at all.

-- 
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
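
A lint pass for the numbering problems the reply mentions (messed-up rule numbers, per-interface lists that run into each other), as an added example that is not part of the original thread or of ipfw itself. It assumes the ruleset is a list of `add N action ...` lines and that each section runs from one skipto target to the next; the sample rules are constructed.

```python
import re

# Constructed sample ruleset in the style of the dispatch table quoted above.
SAMPLE = """\
add 100 skipto 1000 ip from any to any in recv fxp0
add 101 skipto 2000 ip from any to any out xmit fxp0
add 110 skipto 3000 ip from any to any in recv fxp1
add 111 skipto 4000 ip from any to any out xmit fxp1
add 1000 allow tcp from any to me 22
add 1010 deny ip from any to any
add 2000 allow udp from any to any 53
add 2010 allow tcp from me to any
add 3000 allow icmp from any to any
add 3000 deny ip from any to any
"""

RULE = re.compile(r"^add\s+(\d+)\s+(\S+)\s*(.*)$")
TERMINAL = {"allow", "accept", "pass", "permit", "deny", "drop", "reject"}
CATCH_ALL = {"ip from any to any", "all from any to any"}
DEFAULT_RULE = 65535  # ipfw's built-in last rule

def parse(text):
    """Return (number, action, rest) tuples in the order ipfw evaluates them."""
    rules = [RULE.match(line.strip()) for line in text.splitlines()]
    rules = [(int(m[1]), m[2], m[3]) for m in rules if m]
    return sorted(rules, key=lambda r: r[0])  # stable: same-number rules keep file order

def lint(text):
    """Assumption of this example: a section runs from one skipto target to the next."""
    rules = parse(text)
    numbers = [r[0] for r in rules]
    findings = [f"rule number {n} is used more than once"
                for n in sorted(set(numbers)) if numbers.count(n) > 1]
    targets = sorted({int(r[2].split()[0]) for r in rules if r[1] == "skipto"})
    for start, end in zip(targets, targets[1:] + [DEFAULT_RULE]):
        section = [r for r in rules if start <= r[0] < end]
        if not section:
            findings.append(f"skipto {start}: section is empty, packets land on rule {end} or later")
        elif section[-1][1] not in TERMINAL or section[-1][2] not in CATCH_ALL:
            findings.append(f"section {start}: rule {section[-1][0]} is not a catch-all, "
                            f"packets fall through to {end}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

On the constructed sample this reports the reused number 3000, the fxp0 outbound section that ends without a catch-all and so leaks into the fxp1 inbound rules, and the skipto 4000 that has no rules behind it.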