[prev in list] [next in list] [prev in thread] [next in thread]
List: freebsd-doc
Subject: docs/7437: IPFW doco unclear about in/out
From: Andrew Cagney <cagney () tpgi ! com ! au>
Date: 1998-07-30 0:48:37
[Download RAW message or body]
>Number: 7437
>Category: docs
>Synopsis: IPFW doco unclear about in/out
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jul 29 17:50:01 PDT 1998
>Last-Modified:
>Originator: Andrew Cagney
>Organization:
>Release: FreeBSD 2.2.6-RELEASE i386
>Environment:
IPFW configured into the kernel.
Dual homed machine.
>Description:
The documentation on IPFW isn't clear about its behavour
when handling a packet that is traversing a host acting
as a gateway.
>How-To-Repeat:
Look through the IPFW doc for a clear explanation of when/how
the packet filtering rules are applied.
Look through the IPFW doc for a clear explanation of what
meta information is attached to a packet when it is presented
to the packet filter.
>Fix:
The first part is to precisely describe the meta information
associated with a IPFW IP packet. I think it is:
o interface(s) (recv, xmit)
o direction
as well as the obvious:
o IP address
o packet type
o port address (tcp/udp)
o estab
o ....
The second part is to explain that every packet is put through the
IPFW rules as part of traversing an interface. (I.e. twice for a
routed packet).
If someone wants to work with me I'll make comments (at least) on the
changes.
Andrew
PS: The doco don't need to be an explanation on how to operate a
firewall, rather how this specific firewall is implemented.
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic