> -I is rules for what packets can come into the Linux box - that is, the -I
> rules are matched against packets as soon as they come in an interface. This
> is useful for rejecting packets that are forged (that come from the wrong
> network) or to keep people out of the Linux box itself.
>
> -O rules are matched against packets just before they go to a physical
> interface for transmission. This is useful in order to make sure that the
> Linux box doesn't accidentally send out packets where they don't belong.
> Usually you won't use many of these.
>
> -F rules determine which packets are forwarded. That is, which packets will
> this box resend for someone else. This is also where masquerading is
> configured, because it allows you to decide what to masquerade. For
> instance, if you have 3 network connections, one to the internet, and two
> to separate internal networks, you would masquerade connections to the
> internet, but not connections between internal networks.
>
All this also means that it is possible to accept incoming packets
(ipfwadm -I) without forwarding them! Is that true?

Let's say I have a Linux box (192.168.0.254) and another PC connected to
the internal network (192.168.0.35).
If I want to accept packets on the 192.168.0.254 interface from this PC,
I can add an ipfwadm -I rule, but if I do not specify a corresponding -F
rule, packets will never be forwarded to the outside world (regardless of
the fact that this interface is the default gateway)?

Thank you, Eric :)
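
The scenario in this message, as an added example that is not part of the original thread: a toy Python model of the three rule lists described in the quoted text, where a relayed packet is checked against -I, then -F, then -O. The default policies, the `Chain`, `route` and `build` names and the outside address 203.0.113.10 are assumptions made for illustration; nothing here runs ipfwadm.

```python
"""Toy model of the ipfwadm -I / -F / -O rule lists (constructed, not ipfwadm code)."""
from ipaddress import ip_address, ip_network

class Chain:
    def __init__(self, policy):
        self.policy = policy      # assumed default action when no rule matches
        self.rules = []           # (src_net, dst_net, action); first match wins

    def add(self, src, dst, action):
        self.rules.append((ip_network(src), ip_network(dst), action))

    def decide(self, src, dst):
        for src_net, dst_net, action in self.rules:
            if ip_address(src) in src_net and ip_address(dst) in dst_net:
                return action
        return self.policy

def route(chains, local_addrs, src, dst):
    """Return (verdict, list that decided) for one packet arriving at the box."""
    if chains["I"].decide(src, dst) != "accept":
        return ("dropped", "I")
    if dst in local_addrs:        # addressed to the box itself: nothing to forward
        return ("delivered locally", "I")
    fwd = chains["F"].decide(src, dst)
    if fwd not in ("accept", "masquerade"):
        return ("dropped", "F")
    # Simplification: the -O check uses the original source address.
    if chains["O"].decide(src, dst) != "accept":
        return ("dropped", "O")
    return ("masqueraded" if fwd == "masquerade" else "forwarded", "F")

def build(forward_policy):
    """Box from the message: -I accepts only the PC; -F has no rules yet."""
    chains = {"I": Chain("deny"), "F": Chain(forward_policy), "O": Chain("accept")}
    chains["I"].add("192.168.0.35/32", "0.0.0.0/0", "accept")
    return chains

LOCAL = {"192.168.0.254"}                      # the Linux box's internal address
PC, OUTSIDE = "192.168.0.35", "203.0.113.10"   # OUTSIDE is a constructed address

if __name__ == "__main__":
    box = build("deny")
    print("no -F rule, -F policy deny:  ", route(box, LOCAL, PC, OUTSIDE))
    print("packet to the box itself:    ", route(box, LOCAL, PC, "192.168.0.254"))
    box["F"].add("192.168.0.0/24", "0.0.0.0/0", "masquerade")
    print("with -F masquerade rule:     ", route(box, LOCAL, PC, OUTSIDE))
    print("no -F rule, -F policy accept:", route(build("accept"), LOCAL, PC, OUTSIDE))
```

In this model an -I accept rule alone lets the PC reach the box but does not relay its traffic when the forward list defaults to deny; with an accept default on the forward list the same packet is relayed without any -F rule.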