At 05:23 PM 1.6.2003 +0000, Jonathan Belson wrote:
>Ceri Davies wrote:
>> On Mon, Jan 06, 2003 at 05:02:01PM +0000, Jonathan Belson wrote:
>>
>>>I've just been looking into the 'me' option for ipfw:
>>>
>>>me matches any IP address configured on an interface in the
>>> system. The address list is evaluated at the time the
>>> packet is analysed.
>>>
>>>Since the machine is a gateway, it has two network cards. Will
>>>'me' match *both* IP addresses or just the first one it comes
>>>across? I only really want it to match the IP address of the
>>>external interface, not the internal one.
>>
>> Both, I'm afraid.
>
>Hmm, I suppose since tests for IP spoofing through the external
>interface have already been carried out by that point, it isn't
>that much of a problem.
>
>Does the fancy-pants new IPFW2 allow more control for 'me'?
>
>
>--Jon
>

The best way to do this is to use "awk" to determine and set a variable for
the external IP every time it changes and then refer to that variable in
your rules.

Best regards,
Jack L. Stone,
Administrator

SageOne Net
http://www.sage-one.net
[EMAIL PROTECTED]
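
One way to do what the reply above describes, as an added example that is not part of the original thread: awk pulls the external interface's address out of ifconfig output, and the rules name that address instead of `me`. The interface name fxp0, the rule numbers, the port 22 rule and the sample ifconfig text are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: replace 'me' with the external address found by awk.
# fxp0, rule numbers 1000/1100 and the sample addresses are assumptions.

# Constructed, abbreviated `ifconfig fxp0` output (primary address plus alias).
sample_ifconfig() {
    cat <<'EOF'
fxp0: flags=8843 mtu 1500
        inet 203.0.113.7 netmask 0xffffff00 broadcast 203.0.113.255
        inet 203.0.113.8 netmask 0xffffffff broadcast 203.0.113.8
        ether 00:00:5e:00:53:01
EOF
}

# Print the first IPv4 address from ifconfig output on stdin (nothing if none).
first_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad, so a failed parse never reaches the ruleset.
is_ipv4() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print ipfw commands that match only the external address.
# $1 = external interface, $2 = its address.
emit_rules() {
    oif=$1
    oip=$2
    is_ipv4 "$oip" || { echo "no usable address on $oif" >&2; return 1; }
    echo "ipfw add 1000 allow tcp from any to $oip 22 in via $oif setup"
    echo "ipfw add 1100 deny ip from any to $oip in via $oif"
}

# Demo on the constructed sample; on the gateway read `ifconfig fxp0` instead.
oip=$(sample_ifconfig | first_inet)
emit_rules fxp0 "$oip"
```

The script only prints the commands; on the gateway they would be run again whenever the external address changes, so the rules keep tracking the current value.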