Per flow load balancing

Corey Smith csmith at
Mon Dec 20 10:33:38 PST 2004

On Fri, 2004-12-17 at 14:31 -0800, Darcy Buskermolen wrote:
> Yes you can do this through the use of keep-state/check-state

I'm trying a rule base like:

00005	check-state
00006	allow udp from any to any
00007	allow icmp from any to any
00010	reject tcp from any to any established
00015	prob 0.5 fwd tun1peerip tcp from any to any \
	recv bge0 xmit tun0 setup keep-state
00020	allow tcp from any to any setup keep-state
65535	allow ip from any to any

Unfortunately no connections ever match rule 15.  Any way you can show
me an example of using keep-state/check-state for per flow load

-Corey Smith

More information about the freebsd-ipfw mailing list