Re: Interface matching of firewall forwarding rules

Paul Rusty Russell (Paul.Russell@rustcorp.com.au)
Fri, 19 Feb 1999 16:24:40 +1130

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rik van Riel: "Re: 2.2.1 mkfs.ext2 out of memory"
Previous message: Nicholas Henke: "Cdrecord and 2.2.1...DMA???"
Maybe in reply to: Damien Miller: "Interface matching of firewall forwarding rules"

In message <Pine.LNX.4.04.9902191322510.399-100000@mothra.ilogic.com.au> you wr
ite:
> The docs for ipchains and ipfwadm are ambiguous, stating that
> matches occur based upon the "name of an interface via which a
> packet is received, or via which is packet is going to be sent."

You're right about the man page being screwed. Damn. Just fixed it
(will be in 1.3.9).

The HOWTO, however, is very clear on this point.

> Can anyone offer a rationale for this behaviour?

AFAIR from talking to Jos, it's an arbitrary decision, but it *is*
more logical for masquerading.

Rusty.

-- .sig lost in the mail.

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: 2.2.1 mkfs.ext2 out of memory"
Previous message: Nicholas Henke: "Cdrecord and 2.2.1...DMA???"
Maybe in reply to: Damien Miller: "Interface matching of firewall forwarding rules"