--- fbsd_user <[EMAIL PROTECTED]> wrote:
> The FBSD 5.2 man IPFW does not say anything
> different that the 4.9
> man IPFW.
> Are you saying the man doc in 5.2 is wrong?
> 5.2 is using the ipfw2 code for IPFIREWALL I
> believe.
> Documenting the fact that 'limit' performs the same
> function as
> 'keep state' in additional to 'limit' stated purpose
> is very
> important information. Also that 'limit' and 'keep
> state' can not be
> coded together is another very important piece
> information that need
> to be documented in the man IPFW data.
> Should this be submitted as an problem report?
Snippits from 
IPFW(8) on FBSD 5.2
---[begin snip]---
     Stateful operation is a way for the firewall to
dynamically create rules for specific flows when
packets that match a given pattern are detected.  
Support for stateful operation comes through the
check-state, keep-state and limit options of rules.


 Dynamic rules will be checked at the first
check-state, keep-state or limit occurrence, and the
action performed upon a match will be the same as in
the parent rule.

---[end snip---

There is also an occurence farther down under the
"EXAMPLES" area in the "DYNAMIC RULES" area which
doesn't mention the limit option.
---[begin snip}---

 Dynamic rules are checked when encountering the first
check-state or keep-state rule.

---[end snip]----

Granted it doesn't say anything about them not working
if used together but, since it does say that they both
create dynamic rules, it looks to be intuitively
implied that they wouldn't be used together.

Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to