On Mon, Jun 8, 2009 at 10:53 PM, David DeSimone<[email protected]> wrote: > [email protected] <[email protected]> wrote: >> >> by the way, anyone knows if there are plans to include connection mark >> capabilities to pf. >> >> i say this because until now is the only way i´ve found to solve my >> issue. > > I think the real question is whether tags become part of connection > "state". > > For instance: > > pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" keep state
pass in quick on $INT_IF from $NETWORK to any tag "INTERNAL" tagged INTERNAL keep state > > pass out quick on $EXT_IF tagged "INTERNAL" keep state pass out quick on $EXT_IF tag INTERNAL tagged "INTERNAL" keep state In this way it would work. > > So, when a packet comes in on $INT_IF and goes out $EXT_IF, obviously it > will have tag "INTERNAL" attached to it. However, when the reply packet > comes back in $EXT_IF and makes its way back to $INT_IF, will it also > have the "INTERNAL" tag attached? If it does, that would make ALTQ able > to assign it and classify it and queue it the way people want. But the > question is, is the tagging considered part of the "state" that is kept > in the state table? > > -- > David DeSimone == Network Admin == [email protected] > "I don't like spinach, and I'm glad I don't, because if I > liked it I'd eat it, and I just hate it." -- Clarence Darrow > > > This email message is intended for the use of the person to whom it has been > sent, and may contain information that is confidential or legally protected. > If you are not the intended recipient or have received this message in error, > you are not authorized to copy, distribute, or otherwise use this message or > its attachments. Please notify the sender immediately by return e-mail and > permanently delete this message and any attachments. Verio, Inc. makes no > warranty that this email is error or virus free. Thank you. > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "[email protected]" > -- Ermal _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[email protected]"
