On Sun, Aug 14, 2005 at 04:03:53PM +1000, Darren Reed wrote: > for "quick" rules that do "keep state", move the state adding into the rule > evaluation so that we can detect it failing as rules are evaluated and > continue on to the next rather than wait until we're done and it's too late > to recover for more rule processing.
You mean that when you have a quick+keep state rule, and the state addition fails, that the packet will be matched against the following rules???? I hope I'm misunderstanding. -Guido
