On 4/08/2016 3:08 AM, Andrey V. Elsukov wrote:
> On 03.08.16 22:07, Lev Serebryakov wrote:
>> On 03.08.2016 21:03, Andrey V. Elsukov wrote:
>>
>>>> 1/ ability to use keep-state without an implicit check-state. <--- most
>>>> important for me. (store-state)?
>>>> 2/ ability to keep-state without actually doing it <---- less important
>>>> for me.
>>> So, if there are nobody against, I plan to commit this part in a several
>>> days.
>>   Which implementation? Just curious, I could live with any, really.
> This one
> https://people.freebsd.org/~ae/ipfw.diff
>
> but with separate opcodes, I have come to the opinion, that this will
> be more readable.

So, reading it, it appears that the record-state saves a rule as a target but doesn't actually perform the rule, right?

that needs to be made more clear in the man page

you say "Instead, the firewall creates a dynamic rule and the search continues with the next rule."

so it's a combination of #1 and #2 in my list. I think I originally thought of having just #1.

A combination is less useful for me as you need to do:

20 skipto 400 tcp from table(2) to me setup record-state

21 skipto 400 tcp from table(2) to me setup

to make the entire session do the same thing.




