[RFC][patch] Two new actions: state-allow and state-deny

Julian Elischer julian at freebsd.org
Wed Feb 4 05:06:59 UTC 2015


On 2/3/15 5:30 PM, Lev Serebryakov wrote:
>
>> looking at my own rules I don't seem to have a problem..
> You have "check-state" only once, on entrance, before all NATs, so
> it could work only for packets which don't need NAT. And looks like
> (correct me if I'm wrong) you don't try to track states of connections
> passed through NAT.

Yes, because NAT is a stateful filter, so it's a duplication.
> - -- 
> // Lev Serebryakov AKA Black Lion



More information about the freebsd-ipfw mailing list