IPFW: more "orthogonal? state operations, push into 11?
Andrey V. Elsukov
ae at FreeBSD.org
Thu Aug 4 10:52:38 UTC 2016
On 04.08.16 06:42, Julian Elischer wrote:
> so it's a combination of #1 and #2 in my list. I think I originally
> thought of having just #1.
>
> A combination is less useful for me as you need to do:
>
> 20 skipto 400 tcp from table(2) to me setup record-state
> 21 skipto 400 tcp from table(2) to me setup
> to make the entire session do the same thing.
So, in your example what wrong with just using keep-state?
"record-state without immediate action" == "keep-state without implicit
check-state" needed to solve issues with NAT or something similar, that
was described by Lev.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 559 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20160804/bd70affb/attachment.sig>
More information about the freebsd-ipfw
mailing list