PERFORCE change 146996 for review
    Gleb Kurtsou 
    gk at FreeBSD.org
       
    Sat Aug  9 17:15:05 UTC 2008
    
    
  
http://perforce.freebsd.org/chv.cgi?CH=146996
Change 146996 by gk at gk_h1 on 2008/08/09 17:14:46
	document state-options (mostly copy-pasted from pf.conf(5))
Affected files ...
.. //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 edit
Differences ...
==== //depot/projects/soc2008/gk_l2filter/sbin-ipfw/ipfw.8#6 (text+ko) ====
@@ -1465,6 +1465,21 @@
 Matches TCP packets that have the SYN bit set but no ACK bit.
 This is the short form of
 .Dq Li tcpflags\ syn,!ack .
+.It Cm state-options Ar spec
+Specifies options for dynamic rule creation by
+.Cm keep-state
+or
+.Cm limit .
+.Ar spec
+is comma separated list of options.
+The supported options are:
+.Bl -tag -width xxxxxxxx -compact
+.It Cm ether
+Enable layer 2 stateful filtering for a rule.
+Source and destination ethernet addresses (MAC addresses) are used to
+create a state entry (dynamic rule) and to check if packet matches any
+state entry.
+.El
 .It Cm src-arp Ar src-arp
 Matches Address Resolution Protocol (ARP) packets whose 
 .Em Sender protocol address (SPA)
    
    
More information about the p4-projects
mailing list