* Ed White <[EMAIL PROTECTED]> [2004-05-31 15:32]: > However I'd like to know if every packet that belongs to that connection > (matches the state) will be marked with LAN tag.
no, only the first packet is (to be exact: only packets which do not match a state entry are tagged). This hasn't been a problem in practice (and is why the parser demands keep state on pass rules which do tagging); the tag operation is comparably expensive performance-wise so you don't really want that for each packet. -- Henning Brauer, BS Web Services, http://bsws.de [EMAIL PROTECTED] - [EMAIL PROTECTED] Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
