Ceri Davies wrote:
On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:I've just been looking into the 'me' option for ipfw: me matches any IP address configured on an interface in the system. The address list is evaluated at the time the packet is analysed. Since the machine is a gateway, it has two network cards. Will 'me' match *both* IP address or just the first one it comes across? I only really want it to match the IP address of the external interface, not the internal one.Both, I'm afraid.
Hmm, I suppose since tests for IP spoofing through the external interface have already been carried out by that point, it isn't that much of a problem. Does the fancy-pants new IPFW2 allow more control for 'me'? --Jon http://www.witchspace.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
