On Tue, 12 Feb 2008 00:58:33 +0200 Giorgos Keramidas <[EMAIL PROTECTED]> wrote:
 > On 2008-02-11 21:01, Peter Rosa <[EMAIL PROTECTED]> wrote:
 > > Hi,
 > > 
 > > there is an error in the handbook, section 28.6.5.7 An Example NAT and 
 > > Stateful Ruleset.
 > > 
 > > On the bottom are two examples, 1st with command:
 > > $cmd 420 allow tcp from any to me 80 in via $pif setup limit src-addr 1
 > > 
 > > and second with command
 > > $cmd 370 allow tcp from any to me 80 in via $pif setup limit src-addr 2
 > > 
 > > Both commands should look ".... in via $pif setup keep-state limit ...."
 > 
 > This is probably true.  Can you file a `problem report', so this doesn't
 > get lost in the noise of mailing lists?  If not, I can do it and take
 > care of checking the section, fixing the text, and getting it committed.

This is unfortunately[1] false :)  keep-state and limit are both forms
of specifying dynamic rules.  limit implies keep-state, which is the
unlimited form.  Does it hurt to add keep-state to limit?  Let's try: 

paqi# ipfw add 30000 allow tcp from any to me 80 in via dc0 setup limit src-addr 1
30000 allow tcp from any to me dst-port 80 in via dc0 setup limit src-addr 1
paqi# ipfw add 30001 allow tcp from any to me 80 in via dc0 setup keep-state limit src-addr 1
ipfw: only one of keep-state and limit is allowed

 > Thank you for carefully reading the text, and most of all for taking the
 > time to report this.

[1] Not at all wishing to discourage anyone from reviewing and patching
docs, but it's best to prove the theory before firing up send-pr .. 

cheers, Ian

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
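
The check shown in the reply above, turned into a pre-load lint for a ruleset file. This is an added example, not part of the original thread or of ipfw itself; the function names and the sample rules are constructed, and it assumes one rule per line.

```shell
#!/bin/sh
# Added example: flag ipfw rule lines that combine keep-state and limit.
# ipfw rejects such rules with
# "only one of keep-state and limit is allowed", so the rule is never loaded.

# lint_dynamic_opts [FILE]
# Reads rules from FILE (or stdin) and prints one line per offending rule.
# Returns 1 if any rule uses both options, 0 otherwise.
lint_dynamic_opts() {
    awk '
        {
            sub(/#.*/, "")    # ignore comments, whole-line or trailing
            ks = 0; lim = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "keep-state") ks = 1
                # "limit" counts only when followed by one of its mask keywords
                if ($i == "limit" && i < NF &&
                    $(i + 1) ~ /^(src|dst)-(addr|port)$/) lim = 1
            }
            if (ks && lim) {
                printf "line %d: keep-state and limit both present\n", NR
                bad = 1
            }
        }
        END { exit bad }
    ' "${1:--}"
}

# Constructed sample ruleset: the handbook-style rule, the proposed
# "keep-state limit" variant, and a plain keep-state rule.
sample_rules() {
    cat <<'EOF'
# constructed sample, not a real ruleset
$cmd 420 allow tcp from any to me 80 in via $pif setup limit src-addr 1
$cmd 370 allow tcp from any to me 80 in via $pif setup keep-state limit src-addr 2
$cmd 380 allow tcp from any to any 22 out via $pif setup keep-state  # limit not used
EOF
}

# Usage: sample_rules | lint_dynamic_opts
#        lint_dynamic_opts /path/to/ruleset
```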
