On 4/08/2016 6:50 PM, Andrey V. Elsukov wrote:
On 04.08.16 06:42, Julian Elischer wrote:
so it's a combination of #1 and #2 in my list. I think I originally
thought of having just #1.
A combination is less useful for me as you need to do:
20 skipto 400 tcp from table(2) to me setup record-state
21 skipto 400 tcp from table(2) to me setup
to make the entire session do the same thing.
So, in your example what wrong with just using keep-state?
"record-state without immediate action" == "keep-state without implicit
check-state" needed to solve issues with NAT or something similar, that
was described by Lev.
because keep-state is a check-state for ALL packets going past,
regardless of whether they match the pattern.
at least that's what I have observed.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
