On 04.08.16 06:42, Julian Elischer wrote: > so it's a combination of #1 and #2 in my list. I think I originally > thought of having just #1. > > A combination is less useful for me as you need to do: > > 20 skipto 400 tcp from table(2) to me setup record-state > 21 skipto 400 tcp from table(2) to me setup > to make the entire session do the same thing.
So, in your example what wrong with just using keep-state? "record-state without immediate action" == "keep-state without implicit check-state" needed to solve issues with NAT or something similar, that was described by Lev. -- WBR, Andrey V. Elsukov
signature.asc
Description: OpenPGP digital signature
