Joachim Schipper wrote: > On Mon, Jul 03, 2006 at 09:15:15PM -0300, Giancarlo Razzolini wrote: >> Henning Brauer wrote: >>> skip steps and set skip have noting to do with each other. >>> set skip basically disables pf on a per-interface basis. >>> skip steps is an optimization in rule processing you can safely ignore. >>> it Just Works in the background and saves you CPU cycles :) >> It does not have much to do with the topic but, if i do enable skip on >> an interface, if i send packets to the skipped interface with tags on >> them, these tags will be lost? I'm asking because i did some tagging and >> sent to the ftp-proxy running in the lo0 interface, and the tags were >> gone when the ftp-proxy did the connection on behalf of the user. I need >> this to do qos. > > If this is pre-3.9 ftp-proxy, well, it should be obvious that it works > that way, no? Use multiple ftp-proxy processes, running under different > usernames/groups, and tag on username/group. > > Joachim > > My question is not only about ftp-proxy, i only used it to exemplify. My question is: if i tag a packet that is entering one interface and in the same rule (rdr pass, for example) i send this packet to an interface which is skipped by pf. I want to know if when this packet get out of this interface it will still be tagged or not. The only thing that the man page says is that tags are internal markers. So i'm supposing that if i send them to an interface skipped by pf, the tag will not be on the packets getting out of it. Just want to get sure about this, cause all my tests point to this conclusion.
Thanks, -- Giancarlo Razzolini Linux User 172199 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Snike Tecnologia em Informatica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]