论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2006-04-06 20:40 |只看该作者 |倒序浏览

如: ipfw add 1000 pipe 1 ip from any to any in recv fxp0
其中参数in recv 的大概意思是什么?这个我不是很明白.谢谢各位大哥的指点

顺便问下,关于 ipfw add 1111 allow(deny) ip from any to any 之后一般都可以带什么参数?大概意思是什么.

谢谢

已经翻查过手册:http://sysop.com.cn/document/FreeBSD/handbook/firewalls-ipfw.html 但是还是有点不明白,而且手册里好象没有提及到 recv....郁闷

文库|博客

hongzjx

家境小康

论坛徽章:: 0

2楼 [报告]

发表于 2006-04-07 14:35 |只看该作者

man ipfw

recv | xmit | via {ifX | if* | ipno | any}
         Matches packets received, transmitted or going through, respec-
         tively, the interface specified by exact name (ifX), by device
         name (if*), by IP address, or through some interface.

         The via keyword causes the interface to always be checked.  If
         recv or xmit is used instead of via, then only the receive or
         transmit interface (respectively) is checked.  By specifying
         both, it is possible to match packets based on both receive and
         transmit interface, e.g.:

               ipfw add deny ip from any to any out recv ed0 xmit ed1

         The recv interface can be tested on either incoming or outgoing
         packets, while the xmit interface can only be tested on outgoing
         packets.  So out is required (and in is invalid) whenever xmit is
         used.