On Monday 31 May 2004 15:40, Matthijs Bomhoff wrote:
> the rest of the packets in that connection will be passed because they
> match the state table entry, they will not be run through the firewall
> rules again as the first packet passed and created the state for the
> rest of the connection.

I know ;-)


> To answer your question: I don't think they are tagged as well, but even
> if they were, you could not really make use of the tag, as the packets
> are not passed through the ruleset.


It's important to know.

Example: on rl0 we have created a state, so for this interface the ruleset
is not evaluated. However, when the packet goes to rl1 (suppose this is the
external interface), whether packets come tagged or not is important for
ruleset evaluation.

Think of a second interface: would those packets come with a TAG?


        Ed
