Other IN and OUT on same I/F?

byrnejb

byrnejb

Do any of the FreeBSD wirewall permit packets to enter and exit on the same I/F? I discovered that PF does not permit this. DO either IPFW or IPFILTER permit this?

This feature is supported by IPTABLES on CentOS and we need this capability for historic reasons which cannot easily be altered.
 
I think that PF by default uses the routing tables to pick egress interfaces, but seem to recall a "redirect" that could push to an interface.
 
IPFW does filter the packets when they come in through some interface, and does filter them again when they go out through some interface (given that one_pass is disabled). It does not care about which interface that is, so if you get your routing to do such a thing, that is of no concern to IPFW.
 
mer said:
I think that PF by default uses the routing tables to pick egress interfaces, but seem to recall a "redirect" that could push to an interface.
Click to expand...
Yes, but you cannot "bounce" packets out the same interface they came in on.

Code: 
     Redirections cannot reflect packets back through the interface they
     arrive on, they can only be redirected to hosts connected to different
     interfaces or to the firewall itself.
 
  • Like
Reactions: mer
You must log in or register to reply here.
Back
Top