From owner-FreeBSD-net-jp@jp.freebsd.org  Mon May 28 20:17:31 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id UAA81532;
	Mon, 28 May 2001 20:17:31 +0900 (JST)
	(envelope-from owner-FreeBSD-net-jp@jp.FreeBSD.org)
Received: from mbc.nifty.com (mbc.nifty.com [192.47.24.179])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id UAA81527
	for <FreeBSD-net-jp@jp.freebsd.org>; Mon, 28 May 2001 20:17:30 +0900 (JST)
	(envelope-from tmts@mbc.nifty.com)
Received: (qmail 8828 invoked by uid 10002); Mon, 28 May 2001 20:17:28 +0900
Message-ID: <20010528111728.8827.qmail@mbc.nifty.com>
Received: from seagle.elcom.nitech.ac.jp (HELO mbc.nifty.com) (133.68.130.57)
  by mbc with SMTP; Mon, 28 May 2001 20:17:28 +0900
Date: Mon, 28 May 2001 20:17:21 +0900
From: Matsuo Takaharu <tmts@mbc.nifty.com>
X-Mailer: EdMax Ver2.31.6F
MIME-Version: 1.0
To: FreeBSD-net-jp@jp.freebsd.org
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit
In-Reply-To: <7mpucuif1p.wl@waterblue.imgsrc.co.jp>
References: <7mpucuif1p.wl@waterblue.imgsrc.co.jp>
Reply-To: FreeBSD-net-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-net-jp 3124
Subject: [FreeBSD-net-jp 3124] Re: ipfw =?ISO-2022-JP?B?GyRCJEcbKEI=?=
 =?ISO-2022-JP?B?GyRCPVA4fSROGyhC?= I/F
 =?ISO-2022-JP?B?GyRCJHI7WERqJDckPyVrITwlaxsoQg==?= 
Errors-To: owner-FreeBSD-net-jp@jp.freebsd.org
Sender: owner-FreeBSD-net-jp@jp.freebsd.org
X-Originator: tmts@mbc.nifty.com

$B>>Hx$G$9!#(B
$BA2$/$=$l$i$7$$>pJs$r8+$D$1$k$3$H$,$G$-$^$7$?!#(B

http://people.freebsd.org/~nsayer/bdg-ipfw.txt  $B$h$j(B
> There are some complications in doing this because not all of the ipfirewall
> functionality is available on bridged packets. 
$B!J(B-$BN,(B-$B!K(B
> Bridged packets are filtered while they are
> being received, so rules that use 'out' or 'xmit' will never match.

$B$H$$$&$3$H$G$9$N$G!"%V%j%C%8$@$H=P8}$G$N%U%#%k%?%j%s%0$O$G$-$J$$$h$&$G(B
$B$9$M!#(B


Jun Kuriyama <kuriyama@imgsrc.co.jp> wrote:
> ----- man ipfw
>      Each incoming or outgoing packet is passed through the ipfw rules.  If
>      host is acting as a gateway, packets forwarded by the gateway are pro-
>      cessed by ipfw twice.  In case a host is acting as a bridge, packets for-
>      warded by the bridge are processed by ipfw once.
> -----
> 
> $B$C$F$N$,1F6A$7$F!"(Bincoming *or* outgoing $B$N$I$A$i$+$7$+$&$^$/(B match $B$G$-(B
> $B$J$$!"$C$F$N$@$C$?$j$7$^$;$s$+$M!#(B

$B$G$7$?!#(B


$B$"$j$,$H$&$4$6$$$^$7$?!#!d(B $B$U$?$D$-$5$s(B Kuriyama$B$5$s(B

