On 19.12.2017 21:46, wishmaster wrote:
>>> /sbin/ipfw add 15002 netgraph 100 ip from me to not me recv "*"
>>
>> Why do you have incoming ip packets sourced from your IP?
>
> It's ok. I use per-interface ACL.
>
> # out
> ipfw -fq table tbl_OUT_IF flush
> ...
> ipfw table tbl_OUT_IF add
On 19.12.2017 13:15, wishmaster wrote:
> Hi,
>
> after I have applied ng_patch for setting TTL for outgoing packets with below
> rules
>
> kldload ng_ipfw 2>/dev/null
> kldload ng_patch 2>/dev/null
>
> /usr/sbin/ngctl -f- <<-SEQ
> mkpeer ipfw: patch 100 in
> na
