[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] skip 1, skip 2
 Date:  Wed, 13 Jul 2005 13:46:21 -0400 
On 7/13/05, Don Munyak <don dot munyak at gmail dot com> wrote:
> What is the "Skip 1" or "Skip 2" in the ipstat -nio section of
> status.php . How does it work
> 

Skips the next X rules if that rule is matched.  

Like if you have two subnets on your LAN side (second defined with a
static route to a router on your network), you'll have rules something
like this:

@10 skip 2 in on sis2 from 10.0.10.0/24 to any
@11 skip 1 in on sis2 from 10.0.1.0/24 to any
@12 block in log quick on sis2 from any to any

First one, if it's in that subnet, skip past rule 12, second one,
also, skip past rule 12.  Rule 12 in this case is the antispoofing
rule, if the network isn't defined either on the LAN interface or with
a static route, it gets dropped at that point.

-Chris