* Agung T. Apriyanto <dup...@gmail.com> [2010-02-13 11:19]: > if a packet already has a state, it would ignore re-read the whole > filter rule in the same interface, yes ?
yes. > even when that packet get tagged but in the same interface, i mean, > state will ignore > tag and tagged if they were on same interface, thus there will be no > re-evaluate rule. am i right ? i have a hard time extracting anything that would make sense from the above. in general, tag/tagged influences ruleset evaluation. once state is created there is no ruleset eval any more for packets matching that state. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
