ipfw fwd and ipfw allow

Victor Sudakov sudakov at sibptus.tomsk.ru
Mon Sep 13 04:32:07 UTC 2010


perryh at pluto.rain.com wrote:
> 
> > ... the 'fwd ... keep-state' statement does create a useful
> > dynamic rule. It contradicts the ipfw(8) man page but works ...
> 
> Hopefully someone who understands all this will submit a patch
> for the man page :)

The man page says that the "Dynamic rules will be checked at the first
check-state, keep-state or limit occurrence, and the action performed
upon a match will be the same as in the parent rule."

It suggests that if the parent rule is a 'fwd' rule, the corresponding
dynamic rule is also a 'fwd' rule, which would be no use (who needs a
reflexive 'fwd' rule?). However, in reality a parent 'fwd' rule seems
to create an 'allow' dynamic rule, which is useful but confusing.

Where exactly is this place in the ipfw code?

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:sudakov at sibptus.tomsk.ru

