[RFC][patch] New "keep-state-only" option

Dewayne Geraghty dewayne.geraghty at heuristicsystems.com.au
Wed Feb 4 11:01:21 UTC 2015


On 4/02/2015 4:38 PM, Julian Elischer wrote:
> On 2/4/15 1:32 PM, Julian Elischer wrote:
>> On 2/4/15 12:13 AM, Lev Serebryakov wrote:
>>>
>>>   And variants with multiple NATs and "nat global" become as easy as
>>> this, too! No stupid "skipto", no "keep-state" at "incoming from local
>>> network" parts of firewall, nothing!
>>>
>>> P.S. I HATE this "all any to any" part!
>> can we get rid of it?  (implied).. or just add "everything"
>> also I am not sure about "keep-state-only"..
>> how about 'set-state'?  or record-state as I started with..
> or record-session.. (state always annoyed me)
>
>>
>>
record-state seems more intuitive, while record-session suggests a wider
scope involving session negotiation.
Regards, Dewayne.

