[RFC][patch] Two new actions: state-allow and state-deny

[Ian Smith]

On Mon, 2 Feb 2015 22:17:25 +0300, Lev Serebryakov wrote:

 >  Now to make stateful firewall with NAT you need to make some not very
 > "readable" tricks to record state ("allow") of outbound connection
 > before NAT, but pass packet to NAT after that. I know two:
 > 
 >  (a) skipto-nat-allow pattern from many HOWOTOs

Lev, can you provide references for these HOWTOs you refer to?

I have a suspicion that some of them should be taken out and shot.

cheers, Ian