On Tue, Aug 02, 2005 at 03:05:11AM -0700, Tihomir Koychev wrote: > --- Sven Ingebrigt Ulland <[EMAIL PROTECTED]> > wrote: > > <URL:http://www.openbsd.org/faq/pf/filter.html#state>: > > "[...] not only do packets going from the sender to > > receiver match the > > state entry and bypass ruleset evaluation, but so do > > the reply packets > > from receiver to sender." > > > > Does this mean that basic label-based IP accounting > > won't mix with > > keeping state at all? > > there is patch in current > http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/pfctl/pfctl.c > which allow counting in/out packets + in/out bytes > from labels. > If you use keep state, all directions are count, > in/out
Ah, brilliant. That's just what i was after. Thanks for the info. sven
