On 2/4/15 12:55 AM, Lev Serebryakov wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 03.02.2015 19:13, Lev Serebryakov wrote:
Ok, "allow-state"/"deny-state" was very limited idea. Here is more
universal mechanism: new "keep-state-only" (aliased as
"record-only") option, which works exactly as "keep-state" BUT
cancel match of rule after state creation. It allows to write
stateful + nat firewall as easy as:
To work as expected, "keep-state-only" should not imply "check-state"
in opposite to "keep-state".
agreed.. I hate the implied check-state..
man page must be very explicit about this..
_______________________________________________
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
