getting state to work properly

Russell Fulton r.fulton at auckland.ac.nz
Tue Sep 4 13:01:03 PDT 2007



Julian Elischer wrote:
>
> also bear in mind the way that state is done..
> it's not documented anywhere but when you do a 'keep-state', the rule
> that does the keep-state is stored away, and when a "check state" is
> run, it effectively JUMPS TO the rule that did the keep-state.
>
Ah! thanks for that!  As it happens that's just what I need.  In many
cases in my rule set I use

add pipe ................  keep-state

and that works as I had hoped it would -- this explains why.

Thanks also to the other folk on the list (Hi Vadim) who have helped me
get this show on the road.  Yesterday I shut down the interfaces on the
primary firewall to force the traffic to the secondary where I had my
rewritten rule set up and no one noticed (except those who had tcp
sessions in progress at the time).


Are there any plans for state synchronisation (like pfsync) for ipfw or
is there something and I have missed it? 

Russell.
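
The keep-state / check-state behaviour Julian describes, as an added Python toy model (not ipfw code and not from this thread): a dynamic entry remembers its parent rule, and check-state applies that parent's action to later packets of the flow in either direction. The rule numbers, addresses and pipe number are constructed, and state expiry and the one_pass sysctl are not modelled.

```python
# Toy model of ipfw dynamic rules (constructed example, not ipfw source).
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    num: int
    action: str                                # "pipe 1", "deny", "check-state"
    match: Optional[Callable[[dict], bool]] = None
    keep_state: bool = False

def flow_key(pkt):
    # Dynamic entries match both directions, so order the endpoints canonically.
    ends = sorted([(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])])
    return (pkt["proto"], ends[0], ends[1])

class Firewall:
    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.num)
        self.dynamic = {}                      # flow key -> parent Rule

    def evaluate(self, pkt):
        """Return (rule number, action) that decides this packet."""
        for rule in self.rules:
            if rule.action == "check-state":
                parent = self.dynamic.get(flow_key(pkt))
                if parent is not None:         # "jump to" the keep-state rule
                    return parent.num, parent.action
                continue
            if rule.match(pkt):
                if rule.keep_state:            # remember which rule made the state
                    self.dynamic[flow_key(pkt)] = rule
                return rule.num, rule.action
        return 65535, "deny"                   # assumed default-deny last rule

def pkt(src, sport, dst, dport, proto="tcp"):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def demo():
    fw = Firewall([
        Rule(100, "check-state"),
        Rule(200, "pipe 1", lambda p: p["src"].startswith("10.0.0."), keep_state=True),
        Rule(300, "deny", lambda p: True),
    ])
    out = fw.evaluate(pkt("10.0.0.5", 40000, "192.0.2.10", 80))     # creates state
    reply = fw.evaluate(pkt("192.0.2.10", 80, "10.0.0.5", 40000))   # via check-state
    other = fw.evaluate(pkt("198.51.100.7", 1234, "10.0.0.5", 22))  # no state
    return out, reply, other

if __name__ == "__main__":
    print(demo())
```

The reply packet is handled by rule 200's pipe action even though it never matches rule 200's own pattern, which is why a `pipe ... keep-state` rule shapes both directions of a flow.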

